?
Solved

No 'Access-Control-Allow-Origin' header is present...

Posted on 2016-09-11
4
Medium Priority
?
255 Views
Last Modified: 2016-09-13
When attempting to execute the following javascript:

var url = 'http://www.mywebsite.com/wp-content/private/data.json';
    
try {
      $.getJSON(url, function(result){
          console.log(result);
      });
} catch(e) {
      console.log(e);
}

Open in new window


I get this error: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://127.0.0.1:8080' is therefore not allowed access.

Here are the headers I am setting:
angular.module.config(['$httpProvider', function($httpProvider) {
        $httpProvider.defaults.headers.common = {'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Method': 'GET, POST'};
        $httpProvider.defaults.headers.post = {};
        $httpProvider.defaults.headers.put = {};
        $httpProvider.defaults.headers.patch = {};
        $httpProvider.defaults.useXDomain = true;
        $httpProvider.defaults.withCredentials = true;
        delete $httpProvider.defaults.headers.common['X-Requested-With'];
        $httpProvider.defaults.headers.common["Accept"] = "application/json";
        $httpProvider.defaults.headers.common["Content-Type"] = "application/json";
        }
    ]
)

Open in new window


What am I doing wrong?  Do I need to set something on the website?  If so what?
Thank you very much
0
Comment
Question by:Michael David
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 82

Accepted Solution

by:
David Johnson, CD, MVP earned 2000 total points
ID: 41793603
You need to add the header:
Access-Control-Allow-Origin *
or
Access-Control-Allow-Origin http://www.foo.com

Otherwise this is known as cross site scripting which is by default denied.  Since you are also not using a 'domain' in your instance you also have to
Access-Control-Allow-Origin http://127.0.0.1
0
 
LVL 58

Expert Comment

by:Julian Hansen
ID: 41793823
Here are the headers I am setting:
Those are the headers sent from the client.
You need to add the headers, Dave has in his post, to your server response.
0
 
LVL 82

Expert Comment

by:leakim971
ID: 41793839
you need to add a plugin like this in your wordpess site (mywebsite.com) znf configure it :
https://github.com/jacopotarantino/WordPress-Cross-Domain-Plugin

/!\ you MUST limit site doing request to your wordpress site
0
 

Author Closing Comment

by:Michael David
ID: 41795749
Thank you very much for your time and expertise.
0

Featured Post

Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question