Solved

XMLHttpRequest returns Access-Control-Allow-Origin

Posted on 2014-11-19
4
2,511 Views
Last Modified: 2014-11-19
Hi All,

I have the following code;

<script src="https://code.jquery.com/jquery-1.10.2.js"></script>

<table class="mGrid" id="jsondata">
<thead>
<th>ID</th>
<th>Customer</th>
<th>Contact</th>
</thead>
<tbody></tbody>
</table>
</div>

<script type="text/javascript">

$(document).ready(function(){
	var url="https://www.mywebsite.com/getjson.php";
	$("#jsondata tbody").html("");
	$.getJSON(url, function(data){
				format: "jsonp"
				$.each(data.users, function(i,user){
					var newRow = "<tr>"+"<td>-</td>"+"<td>"+user._9+"</td>"+"<td>"+user.Con_ConName+"</td>"+"</tr>" ;
					$(newRow).appendTo("#jsondata tbody");
				});
	});
});

</script>

Open in new window


That uses getJSON to grab some data from the server.  This works well on the local server.  However I need to run it via a different URL.  When I do this I get the following error

XMLHttpRequest cannot load https://www.mywebsite.com/getjson.php. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 401.


A lot of people on the internet highlight is a cross site security issue.

I have full control over everything, so can make changes to the server (IIS7)


Any suggestions?
0
Comment
Question by:detox1978
  • 3
4 Comments
 
LVL 18

Accepted Solution

by:
Greg Alexander earned 500 total points
Comment Utility
On your remote file you can add a php header:

<?php
header('Access-Control-Allow-Origin: https://www.mywebsite.com');
?>

Open in new window

0
 
LVL 2

Author Comment

by:detox1978
Comment Utility
The connecting page is actually embedded in an HTML5 Blackberry application.

is there a way to tell what the URL it uses?  maybe via a PHP page on the server it could connect to.

Alternatively, is there a way to switch it off/allow everyone
0
 
LVL 2

Author Comment

by:detox1978
Comment Utility
After a little digging around I found an article that said to enable that setting on IIS I need to add the following to my web.config file;

<?xml version="1.0" encoding="utf-8"?>
<configuration>
 <system.webServer>
   <httpProtocol>
     <customHeaders>
       <add name="Access-Control-Allow-Origin" value="*" />
     </customHeaders>
   </httpProtocol>
 </system.webServer>
</configuration>

Open in new window



I now see the following error message in the console log

GET https://www.mywebsite.com/getjson.php. 401 (Unauthorized) 

Open in new window


followed by

XHR finished loading: GET "https://www.mywebsite.com/getjson.php". 

Open in new window

0
 
LVL 2

Author Closing Comment

by:detox1978
Comment Utility
The web.config change I mentioned fixed the issue.  The second 401 was because the web server didnt have anonamous access enabled.

many thanks
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now