Origin null is not allowed by Access-Control-Allow-Origin

javascript null xmlhttprequest cors localhost
dudledok picture dudledok · Dec 10, 2011 · Viewed 284.8k times · Source

I have made a small xslt file to create an html output called weather.xsl with code as follows:

<!-- DWXMLSource="http://weather.yahooapis.com/forecastrss?w=38325&u=c" -->
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
exclude-result-prefixes="yweather"
xmlns:yweather="http://xml.weather.yahoo.com/ns/rss/1.0" xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#">
<xsl:output omit-xml-declaration="yes" indent="yes"/>
<xsl:strip-space elements="*"/>

<xsl:template match="/">
    <img src="{/*/*/item/yweather:condition/@text}.jpg"/>
</xsl:template>
</xsl:stylesheet>

I want to load in the html output into a div in an html file which I'm trying to do using jQuery as follows:

<div id="result">
<script type="text/javascript">
$('#result').load('weather.xsl');
</script>
</div>

But I am getting the following error: Origin null is not allowed by Access-Control-Allow-Origin.

I've read about adding a header to the xslt, but I'm not sure how to do that, so any help would be appreciated, and if loading in the html ouput can't be done this way, then advice on how else to do it would be great.

Answer

T.J. Crowder picture T.J. Crowder · Dec 10, 2011

Origin null is the local file system, so that suggests that you're loading the HTML page that does the load call via a file:/// URL (e.g., just double-clicking it in a local file browser or similar). Different browsers take different approaches to applying the Same Origin Policy to local files.

My guess is that you're seeing this using Chrome. Chrome's rules for applying the SOP to local files are very tight, it disallows even loading files from the same directory as the document. So does Opera. Some other browsers, such as Firefox, allow limited access to local files. But basically, using ajax with local resources isn't going to work cross-browser.

If you're just testing something locally that you'll really be deploying to the web, rather than use local files, install a simple web server and test via http:// URLs instead. That gives you a much more accurate security picture.

Related questions

How can I check for an empty/undefined/null string in JavaScript?

I saw this question, but I didn't see a JavaScript specific example. Is there a simple string.Empty available in JavaScript, or is it just a case of checking for ""?

Read More
How can I determine if a variable is 'undefined' or 'null'?

How do I determine if variable is undefined or null? My code is as follows: var EmpName = $("div#esd-names div#name").attr('class'); if(EmpName == 'undefined'){ // DO SOMETHING }; <div id="esd-names"> <div id="name"></div&…

Read More
Is there a standard function to check for null, undefined, or blank variables in JavaScript?

Is there a universal JavaScript function that checks that a variable has a value and ensures that it's not undefined or null? I've got this code, but I'm not sure if it covers all cases: function isEmpty(val){ return (val === …

Read More