We Keep Coding

Trying to get json from mercadolibre api but always gets the same cors error?

I am trying to consume a mercadolibre API that returns a json with some data that I need to use.
But everytime I tried by an ajax GET request it returns the same error:
"Response to preflight request doesn't pass access control check: It does not have HTTP ok status"
I Think it is a CORS issue, but I have tried everything on headers while the request (which is corssed domain) and nothing seems to work.
Here is the way I am doing the ajax request:
if (obtieneCotizaciones == 'true' && token != null) {
var sellerID = '499777238';
$.ajax({
type: "GET",
url: "https://api.mercadolibre.com/quotations?access_token="+token+"&seller.id="+sellerID+"&caller.type=seller",
contentType: "application/json",
headers: {
'Access-Control-Allow-Credentials' : true,
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods':'GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS',
'Access-Control-Max-Age': '604800',
'Access-Control-Allow-Headers': 'Content-Type',
'Access-Control-Allow-Headers':'application/json',
'Access-Control-Allow-Headers': 'x-requested-with'
},
success: function(data) {
console.log(data);
},
error: function(error) {
console.log(error)
console.log("FAIL");
}
});
}
Any Idea how could I solve this? don't mind for 'token' and 'obtieneCotizaciones' variables, they are just needed to make the request and I obtein them before doing the request.

Have you tried removing all of the headers? They are triggering a pre-flight which is why it's failing with that error.

how to post data to web service

Problem Description:- i am trying to call web services of different domain(i.e. Systems are not connected locally with each other) so i am getting error:-"Failed to load https://sap.atlassian.net/: Response for preflight is invalid (redirect)"
var username = "pra#sap.com";
var password = "Sa8";
$.ajax({
type: 'POST',
data: data1,
url: 'https://sap.atlassian.net',
dataType: 'json',
contentType: "application/json",
crossDomain: true,
ProcessData: true,
headers: {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Credentials": "true",
"Access-Control-Allow-Methods": "POST, GET, PUT, DELETE, OPTIONS",
"Access-Control-Allow-Headers": "accept, X-Custom-Header, x-requested-with, X-Auth-Token, Content-Type"
},
beforeSend: function(xhr) {
xhr.setRequestHeader("X-Atlassian-Token", "no-check");
xhr.setRequestHeader('Authorization', "Basic" + btoa(username + ":" + password));
},
success: function(data) {
console.log("success");
},
error: function(e) {
console.log(e);
}
});

First, you might need to double-check URL. There must be some relative URL as well.
This is related to preflight. See https://www.gyanblog.com/gyan/39-explaining-issue-response-preflight-request-doesnt-pass-access-control-check
Can you post detailed stacktrace?
PS: Its always bad practice of putting your username/password openly. You should immediately change your password!

CORS header ‘Access-Control-Allow-Origin’ does not match ‘(null)’ on Ajax request

But the same error into browser
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://abc-test123.com/login. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘(null)’).
My Browser supports Cors
I have an extenstion of Cors for Chrome and CorsE ad-ons for Firefox
All API's working perfectly from same domain into my localhost server but one of our project API's are not working anymore
We are working on Slim Framework here is PHP file Code
$corsOptions = array(
"origin" => "*",
"exposeHeaders" => array("X-My-Custom-Header", "X-Another-Custom-Header"),
"maxAge" => 1728000,
"allowCredentials" => True,
"allowMethods" => array(" PUT, GET, POST, DELETE, OPTIONS"),
"allowHeaders" => array("X-PINGOTHER")
);
$cors = new \CorsSlim\CorsSlim($corsOptions);
$app->add($cors);
I am calling ajax function(which was working before)
var dataString = {
username: "test",
password: "test123"
}
$.ajax({
method: "POST",
url: varURI, //My url variable
data: dataString,
crossDomain: true,
success: function(data)
{
if(data.status == "success")
{
alert("Success");
}
else
{
alert("Failure");
}
}
});
I have tried below new things after API error
//(1)
$.support.cors = true;
//(2)
$.ajax({
method: "POST",
url: varURI, //My url variable
data: dataString,
dataType: "jsonp",
async: false, //and true too
crossDomain: true,
success: function(data)
{}
});
But the same error...
I have checked many questions and applied everything then after asked question here. So need help or any require info which I am missing here.

Add following code in your .htaccess
<ifModule mod_headers.c>
Header set Access-Control-Allow-Origin: *
</ifModule>
And also look on answer from this link
http://enable-cors.org/server_apache.html

Can not retrieve data between domain and sub domain

I have an Ajax request on a domian xyz.com and I am performing an
Ajax request from xyz.com to pull data from abc.xyz.com
var request = $.ajax({
type: "POST",
url: "https://abc.mno.com/vending/mainvending.php",
data: {vlu:"1"},
dataType: 'json',
timeout: 10000,
crossDomain: true,
async: true,
cache: false,
headers: { "cache-control": "no-cache" },
error: function( jqXHR, textStatus, errorThrown )
{
alert("error : " + errorThrown + " text :"+textStatus + " j :" +jqXHR.status);
// alert(jqXHR.responseText);
},
success: Succeeded,
beforeSend: function( xhr ) { }
});
but I keep getting this error which is consoled out in the browser (Chrome)
XMLHttpRequest cannot load https://abc.xyz.com/vending/mainvending.php. Request header field cache-control is not allowed by Access-Control-Allow-Headers in preflight response.
In the mainvending.php the codes are as follows
<?php
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token');
require_once 'vendors.php';
if(!empty($_POST)){
/** Other codes follow **/
}else{
/** Other codes follow **/
}
?>
what am I not doing or what am I doing wrong? The domain name is xyz and the domain I am retrieving data from is of a sub domain could that be the issue and how do I go around this.

Your error message says that the server isn't allowing you to send a cache-control header.
You are doing that here:
headers: { "cache-control": "no-cache" },
… cache-control is a response header, so it makes no sense to include it in a request.
Remove that line.
(Alternatively, you could add it to the Access-Control-Allow-Headers header that you are already setting).

You can do one of the following two things:-
Remove this key-value pair from your AJAX config
headers: { "cache-control": "no-cache" },
Add cache-control header to your PHP code to allow it.
header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token, cache-control');

Try setting these headers
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: PUT, GET, POST");
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept");

SOAP request through jQuery AJAX

I have a server running a service, I want to run at some interval a ping request to the service so I can know when it's ready or not.
Got the following ping.dat file:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:dvt="[private]">
<soapenv:Header />
<soapenv:Body>
<dvt:Ping/>
</soapenv:Body>
</soapenv:Envelope>
And the following Javascript functions (which will be included into the setInterval() function):
function doAjax() {
//load request document
$.ajax({
cache: false,
crossDomain: true,
async: true,
dataType: 'xml',
type: 'POST',
data: null,
url: "./ping.dat",
error: function(xhr, sta, err){ alert(err); },
success: function(ret, sta, xhr){
//ping service
$.ajax({
cache: false,
crossDomain: true,
async: false,
processData: false,
contentType: "text/xml; charset=\"UTF-8\"",
dataType: 'xml',
data: processXML(xhr.responseText),
type: 'POST',
url: "[private]",
error: function(xhr, sta, err){
alert(err);
},
success: function(ret, sta, xhr){
$('#response').text($.trim(ret));
},
complete: function(xhr, sta){
alert('complete');
},
});
}
});
}
function processXML(text){
var ret = null;
if ((typeof(ret) !== 'undefined')&&(text !== null)&&(text.length !== 0))
ret = $.trim(text.replace(/[\n\t]+/g, ''));
return ret;
}
When I use SoapUI to call the service and load the ping request, it works.
When I use the JS functions, browser reports:
OPTIONS [private] 200 (OK) jquery-1.10.2.js:8706
XMLHttpRequest cannot load [private]. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.
What's causing this?

The message is clear: No 'Access-Control-Allow-Origin' header is present on the requested resource.
If you are indeed doing a cross domain Ajax request, then the server must respond with the appropriate HTTP headers. Browser issues an OPTIONS HTTP request and checks to see if the server "approves" access by looking at the received headers. If the headers are missing then the browser is obligated to return an error and disallow the request to the resource.
See here for details: HTTP access control (CORS)
SoapUI is not affected by the same origin security policy like a browser is, so that's why pinging the web service from SoapUI works.