1

I have created a local host using python 2.0, now i'm trying to access a local file using ajax :

read.open("POST", "http://localhost:8000/text.txt", true);
read.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
read.setRequestHeader('Access-Control-Allow-Origin','*');
read.send('http://localhost:8000');

the file i'm want to access is text file

but i keep getting these error in chrome:

XMLHttpRequest cannot load http://localhost:8000/text.txt. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 501.

and these in firefox

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8000/text.txt. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

i have looked at few answers which are

  1. adding a extension - which is not very helpful if i'm using other browsers.

  2. disabling security features in chrome - not a permanent solution.

  3. Jquery plugin.

Can anyone tell me any solution that will work for JavaScript?

GabrieleMartini
  • 1,665
  • 2
  • 19
  • 26
Akash Jain
  • 684
  • 9
  • 23
  • CORS should be handled on server side and it should permit the requests from another origin. Please refer to this link: https://stackoverflow.com/questions/50065875/how-to-enable-cors-in-python – Manoj Vadehra Jan 21 '19 at 16:35
  • The header must be set by the *server*. –  Jan 21 '19 at 16:35
  • You have to check on your sever side if the .txt is allowed origin. – Anand G Jan 21 '19 at 16:36
  • 1
    It's a security feature designed to stop your JavaScript from reading someone else's data without permission. It would be pretty pointless if your JavaScript could give itself permission to read someone else's data!! – Quentin Jan 21 '19 at 16:37
  • "Allow-Control-Allow-Origin" is set by the server. Which basically means that server is allowing the request from all origin. i.e. After you set this header the XHR request can be made from any domain i.e. eg: xyz.com or abc.com. Also, you might want to check whether your server allows static resource service. I am not aware how did you set up your server so cannot explain further without more information. – Bharat23 Jan 21 '19 at 16:39
  • i'm completely aware that `Access-Control-Allow-Origin: http://example.com/` must be added to the server , just don't know how to add it.. – Akash Jain Jan 21 '19 at 16:53
  • 1
    @AkashJain — So ask a question about the Python HTTP framework you are using. Better yet: Google it. e.g. https://stackoverflow.com/questions/35760943/how-can-i-enable-cors-on-django-rest-framework (and if you're completely aware of that, why did you ask questions about doing it in client side JavaScript?!) – Quentin Jan 21 '19 at 16:59
  • @Quentin it's pure python , `python -m SimpleHTTPServer` i was hoping to access using java Script , seems that's not the case anymore – Akash Jain Jan 21 '19 at 17:07
  • SimpleHTTPServer is Simple. You need something smarter to do CORS. – Quentin Jan 21 '19 at 19:39
  • any suggestions??? – Akash Jain Jan 21 '19 at 19:56
  • Almost anything – Quentin Jan 21 '19 at 21:05

0 Answers0