https://daveceddia.com/access-control-allow-origin-cors-errors-in-angular/

Getting this error in your Angular app?

No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

You’ve run afoul of the Same Origin Policy – it says that every AJAX request must match the exact host, protocol, and port of your site. Things that might cause this:

  • Hitting a server from a locally-served file (a request from file:///YourApp/index.html to http://api.awesome.com)
  • Hitting an external API (a request from http://yourapp.com to http://api.awesome.com).
  • Hitting an internal API (a request from http://yourapp.com to http://api.yourapp.com).
  • Hitting a different port on the same host (webapp is on http://localhost:3000, API is http://localhost:4000)
  • Requesting over http from https or vice-versa (requesting https://yourapp.com from http://yourapp.com)

To be clear, this is not an Angular error. It afflicts all web apps equally, and most of the fixes we’ll look at below are actually modifying the server or the browser.

How to fix it

Here are a few ways to solve this problem:

Best: CORS header (requires server changes)

CORS (Cross-Origin Resource Sharing) is a way for the server to say “I will accept your request, even though you came from a different origin.” This requires cooperation from the server – so if you can’t modify the server (e.g. if you’re using an external API), this approach won’t work.

Modify the server to add the header Access-Control-Allow-Origin: * to enable cross-origin requests from anywhere (or specify a domain instead of *). This should solve your problem.

2nd choice: Proxy Server

If you can’t modify the server, you can run your own proxy. And this proxy can return the Access-Control-Allow-Origin header if it’s not at the Same Origin as your page.

Instead of sending API requests to some remote server, you’ll make requests to your proxy, which will forward them to the remote server. Here are a few proxy options.

3rd choice: JSONP (requires server support)

If CORS and the proxy server don’t work for you, JSONP may help. You essentially make a GET request with a callback parameter:

(get) http://api.example.com/endpoint?callback=foo

The server will wrap the JSON reply in a function call to your callback, where you can handle it:

foo({"your": "json", here: true})

There are some downsides, notably that JSONP only supports GET requests and that you still need a cooperative server.

Dev-Only: Disable Same Origin

If this is only for development or learning purposes, the easiest thing to do is to disable the Same Origin Policy in your browser. Be aware that if you do this, you’re opening your browser up to security risks. Follow these instructions:

This is more of a last resort. Modifying the server to support CORS or running a proxy are the best approaches.

Armed and Dangerous

You’re all set now to tackle any Access-Control-Allow-Origin errors that come your way!

Access-Control-Allow-Origin: Dealing with CORS Errors in Angular的更多相关文章

  1. Access control allow origin 简单请求和复杂请求

    原文地址:http://blog.csdn.net/wangjun5159/article/details/49096445 错误信息: XMLHttpRequest cannot load http ...

  2. 解决js ajax跨越请求 Access control allow origin 异常

    // 解决跨越请求的问题 response.setHeader("Access-Control-Allow-Origin", "*");

  3. has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

    前端显示: has been blocked by CORS policy: Response to preflight request doesn't pass access control che ...

  4. Server-Side Access Control

    Firefox 3.5 implements the W3C Access Control specification.  As a result, Firefox 3.5 sends specifi ...

  5. How the problem solved about " Dealing with non-fast-forward errors"

    Recently ,I got confused When I use  git to push one of my project. The problem is below: And I Foun ...

  6. Oracle Applications Multiple Organizations Access Control for Custom Code

    档 ID 420787.1 White Paper Oracle Applications Multiple Organizations Access Control for Custom Code ...

  7. Browser security standards via access control

    A computing system is operable to contain a security module within an operating system. This securit ...

  8. .Net Core 处理跨域问题Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource

    网页请求报错: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Or ...

  9. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' heade

    XMLHttpRequest cannot load http://10.164.153.37:8050/WebService/WebService.asmx/wsGetStreetData. Res ...

随机推荐

  1. struts2:JSP页面及Action中获取HTTP参数(parameter)的几种方式

    本文演示了JSP中获取HTTP参数的几种方式,还有action中获取HTTP参数的几种方式. 1. 创建JSP页面(testParam.jsp) <%@ page language=" ...

  2. Python中的模块与包

    标准库的安装路径 在import模块的时候,python是通过系统路径找到这些模块的,我们可以将这些路径打印出来: >>> pprint.pprint(sys.path) ['', ...

  3. SQLSERVER吞噬内存解决记录

    现在手上有一个不大不小的系统,运行了一段时间,因为是24*7不断运行,所以内存逐渐增高,慢慢的会飙到95%以上,然后不得不重启电脑,因为用的是云,怕虚拟机重启down掉起不来,重启操作还只能在凌晨4. ...

  4. TabHost的用法(转)

    本文结合源代码和实例来说明TabHost的用法. 使用TabHost 可以在一个屏幕间进行不同版面的切换,例如android自带的拨号应用,截图:  查看tabhost的源代码,主要实例变量有: pr ...

  5. kail2在虚拟机上的安装

    首先先要安装虚拟机,打开安装包,下一步               选择典型 选择要安装到的目录,点下一步 4 输入密钥,下一步(密钥网上有很多我这边就例举一个,没用的话就自己找.我这个密钥是VM11 ...

  6. Apache2.4中开通HTTP基本认证

    Apache2.4中开通HTTP基本认证,需要在Apache的配置文件中增加如下代码 WSGIPassAuthorization On 否则则无法认证

  7. ios 关于文件操作 获取 文件大小

     分类: Apple IPhone2012-06-28 11:31 4664人阅读 评论(0) 收藏 举报 ios语言manager测试c c语言 实现 #include "sys/stat ...

  8. 理解RxJava:(四)Reactive Android

    在前三部分,我在通用层面介绍了RxJava的工作原理.但是作为一个Android开发者,如何在工作中使用它呢?下面是一些给Android开发者的RxJava的具体应用. RxAndroid RxAnd ...

  9. [转]C# 文本框只能输入数字

    调用TextBox的KeyPress事件 private void txtUserId_KeyPress(object sender, KeyPressEventArgs e){ //如果输入的不是数 ...

  10. Android View绘制过程

    Android的View绘制是从根节点(Activity是DecorView)开始,他是一个自上而下的过程.View的绘制经历三个过程:Measure.Layout.Draw.基本流程如下图: per ...