Origin is not allowed by Access-Control-Allow-Origin

Question

I m making an Ajax request to a remote PHP server in a Sencha Touch 2 application  wrapped in PhoneGap    The response from the server is the following      XMLHttpRequest cannot load http   nqatalog negroesquisso pt login php  Origin http   localhost 8888 is not allowed by Access-Control-Allow-Origin    How can I fix this problem

User · Answer

In Ruby Sinatra  response  Access-Control-Allow-Origin            for everyone or  response  Access-Control-Allow-Origin      http   yourdomain name

User · Answer

As Matt Mombrea is correct for the server side  you might run into another problem which is whitelisting rejection   You have to configure your phonegap plist   I am using a old version of phonegap   For cordova  there might be some changes in the naming and directory  But the steps should be mostly the same   First select Supporting files   PhoneGap plist    then under  ExternalHosts   Add a entry  with a value of perhaps  http   nqatalog negroesquisso pt  I am using   for debugging purposes only

User · Answer

If you get this in Angular js  then make sure you escape your port number like this   var Project    resource       http   localhost   5648 api         a   b              update    method   PUT               See here for more info on it

User · Answer

I wrote an article on this issue a while back  Cross Domain AJAX   The easiest way to handle this if you have control of the responding server is to add a response header for   Access-Control-Allow-Origin      This will allow cross-domain Ajax  In PHP  you ll want to modify the response like so    lt  php header  Access-Control-Allow-Origin         gt    You can just put the Header set Access-Control-Allow-Origin   setting in the Apache configuration or htaccess file   It should be noted that this effectively disables CORS protection  which very likely exposes your users to attack  If you don t know that you specifically need to use a wildcard  you should not use it  and instead you should whitelist your specific domain    lt  php header  Access-Control-Allow-Origin  http   example com     gt

User · Answer

If you re writing a Chrome Extension and get this error  then be sure you have added the API s base URL to your manifest json s permissions block  example    permissions          https   itunes apple com

User · Answer

If you don t have control of the server  you can simply add this argument to your Chrome launcher  --disable-web-security   Note that I wouldn t use this for normal  web surfing   For reference  see this post  Disable same origin policy in Chrome   One you use Phonegap to actually build the application and load it onto the device  this won t be an issue

User · Answer

if you re under apache  just add an  htaccess file to your directory with this content   Header set Access-Control-Allow-Origin     Header set Access-Control-Allow-Headers  content-type  Header set Access-Control-Allow-Methods

User · Answer

This might be handy for anyone who needs to an exception for both  www  and  non-www  versions of a referrer     referrer     SERVER  HTTP REFERER      parts   parse url  referrer     domain    parts  host      if  domain     google com               header  Access-Control-Allow-Origin  http   google com        else if  domain     www google com               header  Access-Control-Allow-Origin  http   www google com

User · Answer

We also have same problem with phonegap application tested in chrome  One windows machine we use below batch file everyday before Opening Chrome  Remember before running this you need to clean all instance of chrome from task manager or you can select chrome to not to run in background   BATCH   use cmd   cd D  Program Files  x86  Google Chrome Application chrome exe --disable-web-security

User · Answer

I will give you a simple solution for this one  In my case I don t have access to a server  In that case you can change the security policy in your Google Chrome browser to allow Access-Control-Allow-Origin  This is very simple    Create a Chrome browser shortcut Right click short cut icon -  Properties -  Shortcut -  Target    Simple paste in  C  Program Files Google Chrome Application chrome exe  --allow-file-access-from-files --disable-web-security   The location may differ  Now open Chrome by clicking on that shortcut

User · Answer

This was the first question answer that popped up for me when trying to solve the same problem using ASP NET MVC as the source of my data  I realize this doesn t solve the PHP question  but it is related enough to be valuable   I am using ASP NET MVC  The blog post from Greg Brant worked for me  Ultimately  you create an attribute   HttpHeaderAttribute  Access-Control-Allow-Origin          that you are able to add to controller actions   For example   public class HttpHeaderAttribute   ActionFilterAttribute       public string Name   get  set        public string Value   get  set        public HttpHeaderAttribute string name  string value                Name   name          Value   value             public override void OnResultExecuted ResultExecutedContext filterContext                filterContext HttpContext Response AppendHeader Name  Value           base OnResultExecuted filterContext             And then using it with    HttpHeaderAttribute  Access-Control-Allow-Origin         public ActionResult MyVeryAvailableAction string id        return Json   Some public result

User · Answer

If you have an ASP NET   ASP NET MVC application  you can include this header via the Web config file    lt system webServer gt              lt httpProtocol gt           lt customHeaders gt               lt  -- Enable Cross Domain AJAX calls -- gt               lt remove name  Access-Control-Allow-Origin    gt               lt add name  Access-Control-Allow-Origin  value       gt           lt  customHeaders gt       lt  httpProtocol gt   lt  system webServer gt

User · Answer

You may make it work without modifiying the server by making the broswer including the header Access-Control-Allow-Origin    in the HTTP OPTIONS  responses   In Chrome  use this extension  If you are on Mozilla check this answer

User · Answer

I ve run into this a few times when working with various APIs  Often a quick fix is to add   amp callback    to the end of a string  Sometimes the ampersand has to be a character code  and sometimes a        callback     see Forecast io API Usage with jQuery

User · Answer

This is because of same-origin policy  See more at Mozilla Developer Network or Wikipedia   Basically  in your example  you need load the http   nqatalog negroesquisso pt login php page only from nqatalog negroesquisso pt  not localhost

User · Answer

When you receive the request you can   var origin    req headers origin            than when you have to response go with something like that   res writeHead      206                 Access-Control-Allow-Credentials   true           Access-Control-Allow-Origin   origin

User · Answer

In Ruby on Rails  you can do in a controller   headers  Access-Control-Allow-Origin

User · Answer

If you re using Apache just add    lt ifModule mod headers c gt      Header set Access-Control-Allow-Origin     lt  ifModule gt    in your configuration  This will cause all responses from your webserver to be accessible from any other site on the internet  If you intend to only allow services on your host to be used by a specific server you can replace the   with the URL of the originating server   Header set Access-Control-Allow-Origin  http   my origin host

[javascript] Origin is not allowed by Access-Control-Allow-Origin

Examples related to javascript

Examples related to ajax

Examples related to cors

Examples related to xmlhttprequest

Examples related to cross-domain