-1

I'm trying to connect api hosted on cloud and getting 403-Forbidden due to CORS issue.

    var url = "https://spring-demo-ysyfl4f26q-uc.a.run.app/getsummary";

    var xmlhttp = new XMLHttpRequest();

    xmlhttp.onreadystatechange = function() {
    if (this.readyState == 4 && this.status == 200) {
        var myArr = JSON.parse(this.responseText);
        myFunction(myArr);
        
    }else{
        myFunction('errorcode'+this.status+' error'+this.readyState+this.responseText);
        }
    };
    xmlhttp.open('GET', url);
    xmlhttp.setRequestHeader('Access-Control-Allow-Origin', '*');
    xmlhttp.setRequestHeader('Access-Control-Allow-Methods', 'GET, PUT, POST, DELETE, HEAD, OPTIONS');
    xmlhttp.setRequestHeader('key', 'PRODUCT');
    xmlhttp.setRequestHeader('Content-Type', 'application/json');
    xmlhttp.setRequestHeader('Access-Control-Allow-Headers', 'Content-Type, key,Access-Control-Allow-Headers,Access-Control-Allow-Origin, X-Requested-With');
    xmlhttp.withCredentials = false;
    xmlhttp.send();

script.js:75 GET https://spring-demo-ysyfl4f26q-uc.a.run.app/getsummary 403 (Forbidden)

Can anyone help in this, i'm able to get response via POSTMAN ? TIA

Dinesh
  • 23
  • 2
  • 7
  • you are setting resonse headers `Access-Control-Allow-*` in the request. Don't do that, remove those headers, that can break otherwise functioning CORS. If, after removing those headers you still get CORS errors, then you'll need to fix the server `spring-demo-ysyfl4f26q-uc.a.run.app` to send the CORS response headers as required – Bravo Jul 11 '21 at 11:31

1 Answers1

0

Enable CORS in cpanel to enable CORS in your hosting account. you can enable it adding the following lines in the .htaccess file in your hosting account.

<IfModule mod_headers. ...
Header set Access-Control-Allow-Origin "*"
</IfModule>

​ ​

m3h
  • 74
  • 2