0

So I am running two applications foo.com and bar.com using traditional cgi scripts on an apache server. I make an AJAX request from foo to bar. The request makes it to bar, executes but because the apache server does not add any CORS headers, the browser says the request failed.

The CORS documentation on MDN explains that the browser Javascript doesn't know the specifics of the failure, it just knows that the response failed.

My question is, does the response object contain the response returned by my cgi script and the browser just chose to show this as an error because it couldn't find the Access-Control-Allow-Origin header ?

From my inspection of the response object, it seems that the apache server did not send the response from the cgi script's output at all.

It is unclear, who is responsible for containing the response here:

  • Is it the apache server

  • Is it the fetch/XMLHTTP api

Note: I used jquery to make the AJAX calls

Improve this question

1 Answer 1

Reset to default
1

How do CORS response headers prevent browser javascript to access response object?

They don't. Your JS being unable to access the response data is the default behaviour. CORS headers can grant permission that would be denied by default.

The Same Origin Policy is implemented by the browser. The server doesn't know about it (except in so much as it might be explicitly configured to send CORS headers in the response).

The browser receives the HTTP response, determines that permission was not granted, and generates a response object saying as much which it provides to the JavaScript program.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.