1

I have been working on a personal webapp and have hit a little snag. My API calls only work for some APIs and not for others. For the ones it doesn't work with I will usually get an error message like so.

XMLHttpRequest cannot load https://api.meetup.com/2/cities. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.

After doing some research I know it is to do with CORS not being setup. I was wondering if it would be possible to set this up in the client when making an AJAX request. The current way I am doing this is like so

var handleRequest = function(request){ $.ajax({ type: "GET", url: request, success: function(data) { var rawJSON = JSON.stringify(data, null, 2); editor.setValue(rawJSON); }, dataType: 'json' });
Improve this question
5
  • 1
    The server you request the data from has to enable CORS. There is no way to do this on the client side. Commented Dec 11, 2016 at 16:31
  • No, because that would make cross-origin request restrictions completely pointless. Commented Dec 11, 2016 at 16:32
  • Then how to applications like postman work? They are built for their users to make API calls. Commented Dec 11, 2016 at 16:34
  • Applications don't have the same restrictions as web sites accessed with browsers. Commented Dec 11, 2016 at 16:36
  • In that case could I set this up to send requests to my own server to then make the api calls? Commented Dec 11, 2016 at 16:40

2 Answers 2

Reset to default
3

The server you're trying to access has to grant you permission to access it. An IT admin has to provide you with a URL that grants you permission to hit their external server. The server you are trying to hit has to setup CORS. http://enable-cors.org/

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

According to their docs they support JSONP.

https://www.meetup.com/meetup_api/

This is your way around CORS.

Improve this answer

5 Comments

This is just one example of an API call that my application would make. I am just making something like postman as a bit of fun. I realise now that I am probably asking the wrong question. Is it possible to make it so that I can receive a response from any api call, given the correct authentication details? e.g. apis that support jsonp and others that support json?
it all depends on the service you are trying to call. if service supports and allows to use JSONP, then you are fine (cause it essentially loads the responses as scripts). In other cases you need access to the server code to make browsers happy with the responses, since browser will reject responses of origins headers do not match.
So I am still a little confused. Is it only applications that are running on the browser that will suffer from this issue? For instance I could easily use curl to make the same call and get a response whereas if I use my application in the browser it will fail for some.
yes. it is a security feature of the browsers which is meant to protect the users from some attacks.
In that case it seems the solution to my problem is to make the API calls from an application on a server and, from the browser, make requests to my application. The only problem with this is my server's IP is going to be the one making all of the API calls which means it could get blocked. I want the users IP to be the one making the requests.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.