1

I have searce a lot of solutions about AJAX call CORS, but I still can not get XML data from that other server.

This is console note:

XMLHttpRequest cannot load url.xml. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access

I have follow instructions from: http://www.html5rocks.com/en/tutorials/cors/ section: CORS from jQuery, this is code that I try:

$.ajax({
    type:'GET',
    url:'http://www.someurl.xml',
    contentType:'text/plain',
    xhrFields:{
        withCredentials: false
    },
    headers: {
        'Access-Control-Allow-Origin':'http://localhost:8080',
        'Access-Control-Allow-Method':'GET',
        'Access-Control-Allow-Headers':'Content-Type,x-requested-with,Authorization,Access-Control-Allow-Origin'
    },
    success: function(data){
        var test = data;
    }
});

I know that this question has been asked for many times, but no answer help to fix my problem.

For testing in localhost I am using IIS 8.5

DaniKR
  • 2,418
  • 10
  • 39
  • 48

2 Answers2

2

The headers section in your $.ajax code adds headers to the request to the server, but CORS headers need to be present on responses from the server.

Working with IIS, you can add those headers with a few lines in the <system.webServer> section of your web.config. Adding this will get you started for GET requests:

<system.webServer>
 <httpProtocol>
  <customHeaders>
   <add name="Access-Control-Allow-Origin" value="*" />
  </customHeaders>
 </httpProtocol>
</system.webServer>

See this post for more information: http://encosia.com/using-cors-to-access-asp-net-services-across-domains/

Dave Ward
  • 59,815
  • 13
  • 117
  • 134
  • I try this, but I get this error: HTTP Error 500.19 - Internal Server Error. But still this is no help of me, because I am just testing it in IIS, because server where would be app, server is not using IIS – DaniKR Apr 20 '15 at 12:58
  • @krnekires If you don't have any other web.config yet, you'll need a little more than just the `system.webServer` bit for it to be a valid web.config. Try using this one: https://github.com/Encosia/Encosia-Samples-ASMX-CORS/blob/56efe91729460a8b6baf9f28fe2392244e3e311a/Web.config – Dave Ward Apr 20 '15 at 13:43
  • now I got only No 'access-control-allow-origin' note in console. Is maybe something wrong with url that I am getting data? This is url: http://www.meteo.si/uploads/probase/www/fproduct/text/sl/fcast_SLOVENIA_latest.xml (it is public) – DaniKR Apr 20 '15 at 13:57
  • @krnekires It seems like your server is apache, not IIS. Apache will ignore the web.config file. On apache, you can do the same thing by putting `Header set Access-Control-Allow-Origin "*"` in your `.htaccess`. – Dave Ward Apr 20 '15 at 15:28
1

The CORS headers must be sent by the server you are making the call to, you cannot provide them with the request itself.

When making a request across domains, your browser will perform a preflight request to get the relevant CORS headers before actually requesting data (I believe this uses the OPTION method).

If the CORS headers from preflight include the current origin or a wildcard matching it, then the browser will continue on with the real request and fetch some data.

ssube
  • 47,010
  • 7
  • 103
  • 140