This question already has answers here:
How to enable CORS in flask
(11 answers)
Closed 6 months ago.
I am trying to retrieve data(string) from a flask server with the a GET request and the
xhttp.responseText is always an empty string.
Here is my python code
Here is my Html code
edit:
console tab says: Access to XMLHttpRequest at 'http://127.0.0.1:5000/' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Instead of triggering the GET from your front-end, can you build the same GET request in Postman and check if it still returns an empty string? (i.e. as a way to debug the issue)
See: Building requests
Related
This question already has answers here:
XMLHttpRequest cannot load XXX No 'Access-Control-Allow-Origin' header
(11 answers)
Closed 3 years ago.
I'm starting to despair.
I run a Wordpress website where I call various rest API interfaces. The problem is that some of my calls are blocked. I have already edited in the various wp files (function.php, http.php, .htaccess, etc.) but without success. The problem persists, but the odd thing is that only certain API calls will be blocked.
These are two example calls:
var httpRequest1 = new XMLHttpRequest();
httpRequest1.open("GET", "https://api.coingecko.com/api/v3/simple/price?ids=bitcoin&vs_currencies=usd", false);
httpRequest1.send(null);
var jSONText1 = httpRequest1.responseText;
var httpRequest2 = new XMLHttpRequest();
httpRequest2.open("GET", "https://siamining.com/api/v1/network", false);
httpRequest2.send();
var jSONText2 = httpRequest2.responseText;
The first call works without problems and i get responding Json, but with the second I get the following error message:
Access to XMLHttpRequest at 'https://siamining.com/api/v1/network' from origin 'http://my-website.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource
In various files I tried ,
Access-Control-Allow-Origin: *
to insert, but that was synonymous with no success. I do not understand what the difference between the two calls is and why the second one get blocked.
The https://siamining.com/api/v1/network have the Access-Control-Allow-Origin header set to false.
The only way to circumvent it is to make the request server side having your own server that talks with siamining.com and from your wordpress javascript now you call your server endpoint that gives the reponse you want.
This question already has answers here:
How does the 'Access-Control-Allow-Origin' header work?
(19 answers)
No 'Access-Control-Allow-Origin' header is present on the requested resource—when trying to get data from a REST API
(26 answers)
Closed 3 years ago.
I am attempting to read a csv form the source https://stats.oecd.org/Index.aspx?DataSetCode=WILD_LIFE.
Let x be the url above.
<script type="text/javascript">
var data_threatened = d3.csv(x)
.then(function(data){
console.log(data);
})
</script>
However, when I run this script on my local host, I receive the following message:
Access to fetch at
'https://stats.oecd.org/Index.aspx?DataSetCode=WILD_LIFE' from origin
'http://localhost:8888' has been blocked by CORS policy: No
'Access-Control-Allow-Origin' header is present on the requested
resource. If an opaque response serves your needs, set the request's
mode to 'no-cors' to fetch the resource with CORS disabled.
Uncaught (in promise) TypeError: Failed to fetch
Is there a way around this block?
Fetching the file and serving it from the same origin as the script runs would be the most easy. eg. PHP cares little about CORS (assuming that this file occasionally changes). In case it doesn't change, even manually placing it there would suffice.
To let a server-side script fetch the file and then serve it as same-origin, without caching it:
<?php
$url = "https://stats.oecd.org/Index.aspx?DataSetCode=WILD_LIFE";
header("Content-type: text/csv");
echo file_get_contents($url);
?>
Any server-side scripting language should be capable of doing so; I used PHP just to provide an example. One could make WILD_LIFE a variable, so that it could be used to fetch any data-set.
This question already has answers here:
Why doesn't adding CORS headers to an OPTIONS route allow browsers to access my API?
(36 answers)
How does the 'Access-Control-Allow-Origin' header work?
(19 answers)
No 'Access-Control-Allow-Origin' header is present on the requested resource—when trying to get data from a REST API
(26 answers)
Closed 4 years ago.
im trying to make a simple request to an API
fetch('someurl').then((data) => console.log(data))
but im getting the classic No 'Access-Control-Allow-Origin' header is present on the requested resource.
how can I fix this on the client side? or is the only way to fix it for the API author to change it and add the correct response headers?
To deepen you understand on CORS have a look at MDN's article on Cross-Origin Resource Sharing (CORS). It's pretty extensive.
Using jsonP you would be able to work around this when making simple GET requests. See also this older, short and sweet article that explains it in more detail. How JSONP Works.
The Wikipedia Definition of JSONP is as follows:
a communication technique used in JavaScript programs which run in Web
browsers. It provides a method to request data from a server in a
different domain, something prohibited by typical web browsers because
of the same origin policy.
With that in mind, let look at the following example and make the request.
$(document).ready(function() {
$.getJSON("https://jsonplaceholder.typicode.com/users?callback=?", function(json){
console.log('getJSON call: ', json);
});
})
FETCH does not support jsonp
After a bit of research, it does turn out that the Fetch API does not support jsonP requests. If you have a look at this jsFiddle example you'll see that the $.getJSON call returns data when used with the suffix ?callback=? while the 'fetch()' call fails and returns a CORS message. Open the console to see the result of both calls.
Your question in the comments
Also, do you know why fetch({ url : 'https://randomurl" }) would not
get a CORS blockage but fetch('https://randomurl') would?
The first argument you provide to fetch is a string/URL, the second (optional) argument can be an options object {}. Because you provide an object as the first argument, that URL cannot be found. The reason why it doesn't give you a CORS blockage is because you provided an invalid URL, which returns a 404 status. Fetch deals with page cannot be found errors by returning a 200 OK status and in the JSON returned it will provide you with more info.
The Promise returned from fetch() won’t reject on HTTP error status
even if the response is an HTTP 404 or 500. Instead, it will resolve
normally (with ok status set to false), and it will only reject on
network failure or if anything prevented the request from completing.
Source: MDN docs
I hope this helped a bit in broadening your understanding of CORS and the how Fetch works.
You can find some workaounds in Why does my JavaScript get a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error when Postman does not? but you can't solve the problem from the client. It must be solved on server by setting correct headers that allow it...
This question already has answers here:
XMLHttpRequest cannot load XXX No 'Access-Control-Allow-Origin' header
(11 answers)
Closed 5 years ago.
I'm encountering a bit of a strange issue when making an Ajax cross domain request. I get the following error in the console of chrome dev tools:
No 'Access-Control-Allow-Origin' header is present on the requested resource error
However, when I look at the network requests, it passes the browsers CORS preflight request because request changes from OPTIONS which it was when it was failing preflight request to GET, and the response is as I would get via postman. However, the Ajax failure message is triggered so even though in dev tools the request appears to succeed, I can't access the successful response via the JavaScript.
Additional info is that the file that is making the ajax request is just an HTML file with inline JavaScript that I open directly from the file directory. I'm thinking this might be my problem but couldn't find anything that explicitly says this so I am wanting confirmation.
Note with respect to the API: the appropriate access control headers are set
You have to pass some (if not all, I haven't checked) with every response, not only the response to the pre-flight OPTIONS request.
This question already has answers here:
Ways to circumvent the same-origin policy
(8 answers)
Closed 8 years ago.
I'd like to get the text on this page:
https://cvo-v025.cvo-zwfryslan.nl/display/ToonBerichten.aspx?uid=ctl14&pid=723df4e4-248f-4df6-b3ad-751b410daab7&id=1c76d69d-d858-44d9-8a47-e65e9f294898
Php cUrl isn't working, YQL isn't working (but didn't give an error), javascript didn't work, the error message was:
XMLHttpRequest cannot load https://cvo-v025.cvo-zwfryslan.nl/display/ToonBerichten.aspx?uid=ctl14&pid=…3df4e4-248f-4df6-b3ad-751b410daab7&id=1c76d69d-d858-44d9-8a47-e65e9f294898. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://--------.nl' is therefore not allowed access.
Is there a way for me to get the text from that page?
The page you're trying to fetch text from actually makes a POST request to another resource to fetch the text via XHR. When you open Firebug or similar, you should see the POST request, its URL and response. It would appear that you need to have a session on the site to actually fetch anything, as making a POST request to that URL fails to retrieve anything useful.
Copying the request as CURL does yield a working terminal command, along with all sent headers, but I doubt it will be helpful if you wish to do this programmatically.