Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

No 'Access-Control-Allow-Origin' header is present...

Posted on 2016-09-11
4
Medium Priority
?
440 Views
Last Modified: 2016-09-13
When attempting to execute the following javascript:

var url = 'http://www.mywebsite.com/wp-content/private/data.json';
    
try {
      $.getJSON(url, function(result){
          console.log(result);
      });
} catch(e) {
      console.log(e);
}

Open in new window


I get this error: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8080' is therefore not allowed access.

Here are the headers I am setting:
angular.module.config(['$httpProvider', function($httpProvider) {
        $httpProvider.defaults.headers.common = {'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Method': 'GET, POST'};
        $httpProvider.defaults.headers.post = {};
        $httpProvider.defaults.headers.put = {};
        $httpProvider.defaults.headers.patch = {};
        $httpProvider.defaults.useXDomain = true;
        $httpProvider.defaults.withCredentials = true;
        delete $httpProvider.defaults.headers.common['X-Requested-With'];
        $httpProvider.defaults.headers.common["Accept"] = "application/json";
        $httpProvider.defaults.headers.common["Content-Type"] = "application/json";
        }
    ]
)

Open in new window


What am I doing wrong?  Do I need to set something on the website?  If so what?
Thank you very much
0
Comment
Question by:Michael David
4 Comments
 
LVL 84

Accepted Solution

by:
David Johnson, CD, MVP earned 2000 total points
ID: 41793603
You need to add the header:
Access-Control-Allow-Origin *
or
Access-Control-Allow-Origin http://www.foo.com

Otherwise this is known as cross site scripting which is by default denied.  Since you are also not using a 'domain' in your instance you also have to
Access-Control-Allow-Origin http://127.0.0.1
0
 
LVL 61

Expert Comment

by:Julian Hansen
ID: 41793823
Here are the headers I am setting:
Those are the headers sent from the client.
You need to add the headers, Dave has in his post, to your server response.
0
 
LVL 83

Expert Comment

by:leakim971
ID: 41793839
you need to add a plugin like this in your wordpess site (mywebsite.com) znf configure it :
https://github.com/jacopotarantino/WordPress-Cross-Domain-Plugin

/!\ you MUST limit site doing request to your wordpress site
0
 

Author Closing Comment

by:Michael David
ID: 41795749
Thank you very much for your time and expertise.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses how to implement server side field validation and display customized error messages to the client.
A while back, I ran into a situation where I was trying to use the calculated columns feature in SharePoint 2013 to do some simple math using values in two lists. Between certain data types not being accessible, and also with trying to make a one to…
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question