0

I am making an http request, like an ajax, to a page of an API service for PDF printing.

MY problem is that if I make the request with http: //wwww.somepage/ the request is rejected by the api, it tells me the following message

Access to XMLHttpRequest at 'https://api.sejda.com/v2/html-pdf' from origin 'https://www.seinon.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin 'header is present on the requested resource.

I've forced it to include the Access-Control-Allow-Origin header a * for testing, and the request remains the same.

I need the www to maintain the sessions of the page, if not, they are lost and what I ask to print is blank

The api itself has a configuration parameter on its own website that is the source url that will allow the requests, I have set it to www.seinon.com and the problem continues the same

The header I have added with Response.AddHeader

What could be failing?

Pedro Jose
  • 442
  • 3
  • 19
  • 1
    Does this answer your question? [No 'Access-Control-Allow-Origin' header is present on the requested resource—when trying to get data from a REST API](https://stackoverflow.com/questions/43871637/no-access-control-allow-origin-header-is-present-on-the-requested-resource-whe) – Ivar Jul 27 '21 at 11:16
  • I cannot depend on third party software to solve this. it has to be on our own server – Pedro Jose Jul 27 '21 at 11:44
  • Then create a proxy with your own server. So your webpage makes request to your own server (on the same domain) and the server makes the request to the API. The only way you can directly call `api.sejda.com` from your webpage, is when `api.sejda.com` returns the `Access-Control-Allow-Origin` header in their response. Only they decide whether they will send this header or not. That is not something you can change from the requesting side. – Ivar Jul 27 '21 at 11:50
  • It seems that there are times when he returns the head and others that he does not and I do not understand why. In a short period of time it has let me print 2 pdf files – Pedro Jose Jul 27 '21 at 11:57

1 Answers1

0

There are too many browsers to deal with on many platforms and they all have their quirks when, especially when it comes to security.

The only way to effectively surpass SameOrigin restrictions, especially when using JavaScript to display PDF from remote websites, was to GET the PDF file and save it locally where your web page can access it locally.

I tried everything else for days on end... proxy server, mod_headers, etc and nothing worked, including all of the recommended tweaks seen here and elsewhere.

GET the file, save locally and display from there.

WilliamK
  • 821
  • 1
  • 13
  • 32