Access-Control-Allow-Origin: Dealing with CORS Errors in Angular
https://daveceddia.com/access-control-allow-origin-cors-errors-in-angular/
Getting this error in your Angular app?
No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
You’ve run afoul of the Same Origin Policy – it says that every AJAX request must match the exact host, protocol, and port of your site. Things that might cause this:
- Hitting a server from a locally-served file (a request from
file:///YourApp/index.htmltohttp://api.awesome.com) - Hitting an external API (a request from
http://yourapp.comtohttp://api.awesome.com). - Hitting an internal API (a request from
http://yourapp.comtohttp://api.yourapp.com). - Hitting a different port on the same host (webapp is on
http://localhost:3000, API ishttp://localhost:4000) - Requesting over
httpfromhttpsor vice-versa (requestinghttps://yourapp.comfromhttp://yourapp.com)
To be clear, this is not an Angular error. It afflicts all web apps equally, and most of the fixes we’ll look at below are actually modifying the server or the browser.
How to fix it
Here are a few ways to solve this problem:
Best: CORS header (requires server changes)
CORS (Cross-Origin Resource Sharing) is a way for the server to say “I will accept your request, even though you came from a different origin.” This requires cooperation from the server – so if you can’t modify the server (e.g. if you’re using an external API), this approach won’t work.
Modify the server to add the header Access-Control-Allow-Origin: * to enable cross-origin requests from anywhere (or specify a domain instead of *). This should solve your problem.
2nd choice: Proxy Server
If you can’t modify the server, you can run your own proxy. And this proxy can return the Access-Control-Allow-Origin header if it’s not at the Same Origin as your page.
Instead of sending API requests to some remote server, you’ll make requests to your proxy, which will forward them to the remote server. Here are a few proxy options.
3rd choice: JSONP (requires server support)
If CORS and the proxy server don’t work for you, JSONP may help. You essentially make a GET request with a callback parameter:
(get) http://api.example.com/endpoint?callback=foo
The server will wrap the JSON reply in a function call to your callback, where you can handle it:
foo({"your": "json", here: true})
There are some downsides, notably that JSONP only supports GET requests and that you still need a cooperative server.
Dev-Only: Disable Same Origin
If this is only for development or learning purposes, the easiest thing to do is to disable the Same Origin Policy in your browser. Be aware that if you do this, you’re opening your browser up to security risks. Follow these instructions:
This is more of a last resort. Modifying the server to support CORS or running a proxy are the best approaches.
Armed and Dangerous
You’re all set now to tackle any Access-Control-Allow-Origin errors that come your way!
Access-Control-Allow-Origin: Dealing with CORS Errors in Angular的更多相关文章
- Access control allow origin 简单请求和复杂请求
原文地址:http://blog.csdn.net/wangjun5159/article/details/49096445 错误信息: XMLHttpRequest cannot load http ...
- 解决js ajax跨越请求 Access control allow origin 异常
// 解决跨越请求的问题 response.setHeader("Access-Control-Allow-Origin", "*");
- has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
前端显示: has been blocked by CORS policy: Response to preflight request doesn't pass access control che ...
- Server-Side Access Control
Firefox 3.5 implements the W3C Access Control specification. As a result, Firefox 3.5 sends specifi ...
- How the problem solved about " Dealing with non-fast-forward errors"
Recently ,I got confused When I use git to push one of my project. The problem is below: And I Foun ...
- Oracle Applications Multiple Organizations Access Control for Custom Code
档 ID 420787.1 White Paper Oracle Applications Multiple Organizations Access Control for Custom Code ...
- Browser security standards via access control
A computing system is operable to contain a security module within an operating system. This securit ...
- .Net Core 处理跨域问题Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource
网页请求报错: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Or ...
- Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' heade
XMLHttpRequest cannot load http://10.164.153.37:8050/WebService/WebService.asmx/wsGetStreetData. Res ...
随机推荐
- 小数量宽带用户的福音,Panabit 云计费easyradius 接口隆重发布,PA宽带计费系统
PA接口在早前就发布了,但是一直迟迟没有发布官方说明文档,由于最近问的客户较多,特写了这篇文档 由于PA使用标准radius认证协议,所以用户需要在本地搭建一个计费,由于大部分用户的数量只有几百个,不 ...
- CentOS下Red5安装
Red5介绍 Red5是一个采用Java开发开源的Flash流媒体服务器.它支持:把音频(MP3)和视频(FLV)转换成播放流: 录制客户端播放流(只支持FLV):共享对象:现场直播流发布:远程调用. ...
- 本博客停止更新,移至purecpp.org
声明:本博客停止更新,迁移至C++开源社区purecpp.org, 欢迎持续关注!
- python + hadoop (案例)
python如何链接hadoop,并且使用hadoop的资源,这篇文章介绍了一个简单的案例! 一.python的map/reduce代码 首先认为大家已经对haoop已经有了很多的了解,那么需要建立m ...
- UITabBarController的一些基础设置
利用代码添加UITabBarController - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOpti ...
- Phantomjs 一些简单实用
Phantomjs是一个基于webkit的服务器端JavaScirpt API.它全面支持web而不需要浏览器支持,并且原生支持web的各种标准:DOM处理,CSS选择器,JSON,Canvas和SV ...
- Java程序性能优化Tip
本博客是阅读<java time and space performance tips>这本小书后整理的读书笔记性质博客,增加了几个测试代码,代码可以在此下载:java时空间性能优化测试代 ...
- Fiddler捕捉ASP.NET WebSite调用WebService、WCF服务
Fiddler默认会注册一个代理,有时会发现WebSite调用的WebService或者WCF服务无法被捕捉到.其实是由于运行的站点关联的应用程序池使用的账号和我们当前登陆操作系统的用户不同,自然它们 ...
- Web Component--01. 简介
Web Components 是什么? Web Components是W3C定义的新标准,它给了前端开发者扩展浏览器标签的能力,可以自由的定制组件,更好的进行模块化开发,彻底解放了前端开发者的生产力. ...
- mysql数据库事件调度(Event)
mysql中的事件调度器可以定时对数据库增加,删除和执行操作,相当于数据库中的临时触发器,与Linux系统中的执行计划任务一样,这样就可以大大降低工作量. 1.开启事件调度器 [root@node1 ...