1

I have an AJAX call trying to execute the following CORS request to a Web Server (I am currently testing using only the latest version of Chrome):

var xhr = new XMLHttpRequest(); xhr.open("get", "http://www.web_server_url.com/query", true); xhr.onload = function(){ }; xhr.send(null);

Meanwhile, I am still getting the following message:

XMLHttpRequest cannot load http://www.web_server_url.com/query. Origin http://localhost is not allowed by Access-Control-Allow-Origin.

Would someone know what I am missing?

Improve this question
0

1 Answer 1

Reset to default
1

The reason is exactly what it says in the error: The server at www.web_server_url.com is not allowing the localhost origin. It's up to the server to decide whether to allow the origin of the call. In this case, apparently it's not allowing it.

The way CORS works, the server replies to the request (or a "preflight" request) with headers either allowing or disallowing the origin on the basis of the information the browser sends it.

Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

Thank you T.J. Since my request is a get one, using any preflighted parameters wouldn’t change anything, right? The server is the Google Trends one. One would have thought that their server should be opened, no?
Or perhaps because the origin is localhost?
@JF0001: You'll have to look at the Google Trends documentation to see what requests they allow via CORS. It could be that they disallow localhost but allow other hosts, or it could be that they don't support CORS at all (and, for example, expect you to use JSON-P instead).
Actually T.J., I thought that the message “is not allowed by Access-Control-Allow-Origin” originated from the browser, and not the server, no?
@JF0001: In general, the browser gives you that message because the server at the other end disallowed the request. So the message may be from the browser, but it's because of the information the target srever gave it. The browser can't decide whether to allow a cross-origin call on its own (except browsers that disallow all calls from file: protocols and such), it has to ask the target server.
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.