-1

I am trying to consume data using XMLHttpRequest from cloud and getting the CORS error. Below is the code I am trying,

When I am using "chrome.exe --user-data-dir="C:/Chrome dev session" --disable-web-security" it is working fine, but not without that:

function getSearchResults(){

    var data = null;

    var xhr = new XMLHttpRequest();
    xhr.withCredentials = true;

    xhr.addEventListener("readystatechange", function () {
        console.log(this.readyState);
        if (this.readyState === 4) {
            console.log(this.responseText);
        }
    });
}
xhr.open("GET", "My url");
xhr.setRequestHeader("authorization", localStorage.getItem("Tokens"));
xhr.setRequestHeader("cache-control", "no-cache");
xhr.setRequestHeader("postman-token", "b77db68c-749a-f452-3074-60aa33f2786e");
xhr.send(data);
...

How can I overcome this problem?

Suyash
  • 37
  • 6

2 Answers2

0

CORS is a security mechanism which is not meant for you to overcome. If it's your own server that's being queried, you'd have to adjust these headers on server-side:

Access-Control-Allow-Origin
Access-Control-Allow-Methods
Access-Control-Allow-Headers

CORS in a nutshell: An API decides where to accept requests from and how.

gekkedev
  • 562
  • 4
  • 18
-1

i think you need to set this on the server side. Are you using AWS or which kind of server?

johannesdz
  • 423
  • 1
  • 4
  • 11