Access to XMLHttpRequest at '...' from origin 'http://...' has been blocked by CORS policy

Asked 11/1, 2022 at 10:37 Answered 23/2 at 2:17

So my problem is:

Whenever I try to make an XMLHttpRequest to my HTTP server from my web page (same machine, different port), I get blocked with this error:

Access to XMLHttpRequest at 'localhost:8081' from origin 'http://localhost:8080' has been blocked by CORS policy:
Cross-origin requests are only supported for protocol schemes: HTTP, data, chrome, chrome-extension, brave, chrome-untrusted, HTTPS.

Why does this happen?

Sample client (Browser):

var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
    // Use data...
};
xhttp.open("GET", "localhost:8081", true);
xhttp.send();

Sample server (NodeJS, HTTP library):

const server = http.createServer((req, res) => {
  if(req.url != '/') return res.end('404');
  res.writeHead(200, {
    'Content-Type': 'text/html'
  })

  const json = {
    // Data...
  }

  res.write(JSON.stringify(json))
  res.end()
});

server.listen(8081)

Solved, thanks to Quentin in the comments :D

Enrich answered 11/1, 2022 at 10:37 Comment(4)

Typo: You forgot the http:// bit of the URL. – Eddington 11/1, 2022 at 10:41

Of course, fixing that will give you a more regular CORS error, but you'd done nothing to support it in the server anyway. – Eddington 11/1, 2022 at 10:41

see https://mcmap.net/q/56283/-xmlhttprequest-cannot-load-xxx-no-39-access-control-allow-origin-39-header – Eddington 11/1, 2022 at 10:41

Unrelated to the issue at hand, but 'Content-Type': 'text/html' and res.write(JSON.stringify(json)) really doesn't make sense. JSON is not HTML. – Eddington 11/1, 2022 at 10:42

The answer is here.

It's a problem with the privacy of your browser and there are two ways that you could fix it:

Allowing requests from everywhere on your browser
Put controllers inside the header access control information.

The entire answer is on the link above

Adenectomy answered 11/1, 2022 at 10:48 Comment(0)

I was facing this issue: Access to XMLHttpRequest at "Node.js server URL" from origin "React app URL" has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I resolved this issue by adding below lines of code in my index.js(main server file):

app.use((req, res, next) => {
  res.header(
    "Access-Control-Allow-Origin",
    "React app URL"
  );
  res.header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
  res.header("Access-Control-Allow-Headers", "Content-Type");
  next();
});

Alisonalissa answered 14/1 at 8:13 Comment(0)

when you start working with a full stack application. but basically, all that it means is that our front-end and back-end are running on different origins(ports).and therefore they (back-end/front-end) are not allowed to talk each other .. Order to fix this error, it just go into your front-end ./root open ./root folder up the package.json file and you can add to another key:value to

"proxy":"http://localhost:8080/"

just adding proxy in pakage.json file

Demarche answered 23/2 at 2:17 Comment(1)

Isn’t this entirely specific to create-react-app? – Freed 16/7 at 17:39

Recommended topics

Hot tags