How can I connect with api when my xmlhttprequest is blocked by CORS

Question

I am using XMLHttpRequest() to connect with API and in console I have error about blocked by CORS policy. My url use https. How to connect with that API? I need some API-KEY or something like that?

I installed Allow-Control-Allow-Origin extension to chrome. It doesn't help

Example:

  function UserAction() {
    var xmlhttp = new XMLHttpRequest();
 // xmlhttp.setRequestHeader('Accept', 'application/json');
    xmlhttp.withCredentials = true;
        xmlhttp.onreadystatechange = function() {
            if (this.readyState == 4 && this.status == 200) {
            var myObj = JSON.parse(this.responseText);
            document.getElementById("demo").innerHTML = myObj.high;
        }
    };
    xmlhttp.open("GET", "https://sinsmbe1.insepa.net:20106/m3api-rest/execute/CRS610MI/LstByNumber;maxrecs=100;returncols=CUNO,STAT?CUNO=10000", true);
    xmlhttp.send();
  }

I have 3 information from console.

Warning:

The connection used to load resources from https://sinsmbe1.insepa.net:20106 used TLS 1.0 or TLS 1.1, which are deprecated and will be disabled in the future. Once disabled, users will be prevented from loading these resources. The server should enable TLS 1.2 or later. See https://www.chromestatus.com/feature/5654791610957824 for more information.

Error:

Access to XMLHttpRequest at 'https://sinsmbe1.insepa.net:20106/m3api-rest/execute/CRS610MI/LstByNumber;maxrecs=100;returncols=CUNO,STAT?CUNO=10000' from origin 'null' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Warning:

Cross-Origin Read Blocking (CORB) blocked cross-origin response https://sinsmbe1.insepa.net:20106/m3api-rest/execute/CRS610MI/LstByNumber;maxrecs=100;returncols=CUNO,STAT?CUNO=10000 with MIME type application/vnd.sun.wadl+xml. See https://www.chromestatus.com/feature/5629709824032768 for more details.

For debugging use this in firefox https://addons.mozilla.org/en-US/firefox/addon/cors-everywhere/ Recently in chrome updated its security extension doesn't work any more — Pranoy Sarkar, May 17 '19 at 10:42
You already asked this yesterday: https://stackoverflow.com/questions/56165837/how-make-connection-with-api-avoid-cors-in-this-code — Quentin, May 17 '19 at 11:09
"How to connect with that API? I need some API-KEY or something like that?" – You can't send an API key unless they give you permission to make the request. So no (or at least not yet). — Quentin, May 17 '19 at 11:10

vijju · Answer 1 · 2019-05-17T11:07:23.343

0

You have to add these headers at your start of the api :

res.header("Access-Control-Allow-Origin","*");
 res.header("Access-Control-Allow-Headers","Origin,X-Requested-With,Content-Type,Accept");

edited May 17 '19 at 11:07

answered May 17 '19 at 10:37

vijju

462
9
30

`var xmlhttp = new XMLHttpRequest(); xmlhttp.setRequestHeader("Access-Control-Allow-Origin","*"); xmlhttp.setRequestHeader("Access-Control-Allow-Headers","Origin,X-Requested-With,Content-Type,Accept");` Something like above? – omlette May 17 '19 at 10:53
where did you executing the code? – vijju May 17 '19 at 11:02
@omlette — No. The API has to add the headers in the response. You can't give your own code permission to access arbitrary websites using your visitor's browsers. – Quentin May 17 '19 at 11:10

How can I connect with api when my xmlhttprequest is blocked by CORS

1 Answers1