0

I have the following code for external api call in php that works fine however when I do this with jquery it gives CORS policy error .

$curl = curl_init();
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Authorization: ' . $token,'Accept: application/json'));
curl_setopt($curl, CURLOPT_URL, 'http://api.evalu-8.com/employee/readall');//?active=true
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);

$result = curl_exec($curl);
curl_close($curl);

However when I do the same in jquery it gives error : "Access to XMLHttpRequest at "" from origin "" has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status"

$.ajax({
url:'http://api.evalu-8.com/employee/readall',
crossDomain:true,
type: 'GET',
headers: {
  'Access-Control-Allow-Origin': '*',
  'Content-Type':'application/json'
},
beforeSend: function (xhr) {
  xhr.setRequestHeader('Authorization: Bearer ', 'token');
},
success:function(response){
}
});
Nazia
  • 1
  • Most Browsers have a security-feature, which allows JS to send requests only to the same site (where the JS was loaded from). – Top-Master Jan 02 '23 at 16:09
  • And this is not how "`Access-Control-Allow-Origin`" works; the remote site needs to return that header ("`evalu-8.com`"), which disables said browser-security-feature. – Top-Master Jan 02 '23 at 16:12
  • @Top-Master I have tried with Moesif cors extension, also tried to open chrome exe with "--disable-web-security" parameter still no success. Sorry but I don't have access to the remote site. Its an external api. The thing is that it is working fine in php, giving error in jquery only. I have tried with fetch as well but same error – Nazia Jan 03 '23 at 06:55

0 Answers0