ajax post request is No 'Access-Control-Allow-Origin' header is present on the requested resource.'

jquery ajax cross-domain cross-domain-policy
harishkumar329 picture harishkumar329 · Nov 26, 2013 · Viewed 29k times · Source

I'm just making an ajax post request and I'm getting an error like:

XMLHttpRequest cannot load https://xxx.com?redirect_uri=http://www.example.com. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://example.com' is therefore not allowed access.

And here I can see there is nothing different from my response domain and request domain except "www", so does "www" also cause this issue?

Answer

Rory McCrossan picture Rory McCrossan · Nov 26, 2013

The problem is because you are making a cross-domain AJAX request, which prevented by browser security - see the Same Origin Policy.

The request is expecting you to be making a request to a CORS enabled domain, hence why it is complaining about the non-existant header.

You either need to change your request to jsonp type, or use a server-side proxy to get the data.

Related questions

Check if same origin policy applies

Is there a "safe" way to check if the same origin policy applies to an URL before actually trying to use ajax methods? Here is what I have: function testSameOrigin(url) { var loc = window.location, a = document.createElement('a'); a.…

Read More
jQuery AJAX cross domain

Here are two pages, test.php and testserver.php. test.php <script src="scripts/jq.js" type="text/javascript"></script> <script> $(function() { $.ajax({url:"testserver.php", success:function() { alert("Success"); }, error:function() { alert("Error"); }, …

Read More
How to send a correct authorization header for basic authentication

I am trying to POST data from my API but I can't pass the basic authentication. I try: $.ajax({ type: 'POST', url: http://theappurl.com/api/v1/method/, data: {}, crossDomain: true, beforeSend: function(xhr) { xhr.setRequestHeader('Authorization', 'Basic [REDACTED]'); } }); …

Read More