How to set "Access-Control-Allow-Origin: *"?

Question

i have this simple HTML which calls a JS function:

<body>
    <h1 onclick="scrape()"> Scrape! </h1>
    ...
    <script src="main.js"></script>
</body>

And this JS script (main.js):

function scrape() {
    var xhttp = new XMLHttpRequest();
    xhttp.open("GET", "https://www.wikipedia.org/", true)
    xhttp.send();
}

When I run the scrape() function it returns an error because of the Same Origin Policy.

After reading an SO post about this problem I'm quite confused...

I read of "Access-Control-Allow-Origin: *" and this should make my site access to other sites' data, but I can't understand how to use it, could you please help me and tell me the way to make my function work?

This is not something that you need to implement. This is handled on backend so Wikipedia is allowing you to access this from a different origin. You can access this from no-browser environment — Zohaib Ijaz, Jan 28 '20 at 17:56

score 0 · Accepted Answer · answered Jan 28 '20 at 17:56

0

How to set “Access-Control-Allow-Origin: *”?

You or any backend developer should set that header on the server-side if the requirement is to allow access from different origins (domains, subdomains, Etc.). In this case, Wikipedia's backend is not setting that header for security reasons.

answered Jan 28 '20 at 17:56

Ele

33,468
7
37
75

Ok, so how can i scrape datas from other web site? – Flavié Jan 28 '20 at 17:59
@Flavié you can't, only the backend of the websites can allow the origin from where you are requesting. – Ele Jan 28 '20 at 18:03
So there are no ways i can acces to other web site's datas? I don't know, maybe using a third party program? – Flavié Jan 28 '20 at 18:05
Not with javascript. – StephenCollins Jan 28 '20 at 18:09
@Flavié like I said, the backend-side must set that header, if not, is not possible. Unless you have access to the backend code. – Ele Jan 28 '20 at 18:09

How to set "Access-Control-Allow-Origin: *"?

1 Answers1