Hi @web148, there’s nothing wrong with your code per se as far as I can tell… are you sure the URL is correct though? Try opening it with your browser directly:
PS: Actually you don’t even need to specify the full URL to use an absolute path – on the contrary, your app won’t work any more if you deploy it to a another host with a different URL.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost/mypath/myfile.php. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.
You cannot load content of a site from a different domain to your webpage. This is a security feature. Otherwise it would be easy to hack a page and show content of a complete other server and the user would never recognize it.
Incorrect. Headers can be added to the response. However, you need to have access to the origin to do that. You can also open up an api but enforce zero trust for security. Zero trust is the most reliable up to date security model for authenticating and authorizing requests between separate resources, apps, infrastructure. The simple way is adding CORs headers.
@m3g4p0p probably wanted a more specific answer. What is the complete URL of the main page that this ajax code is on?
Based on your posts, you may be switching between https and http. This alone can trigger the cross-organ blocking -
Due to browser security restrictions, most “Ajax” requests are subject to the same origin policy; the request can not successfully retrieve data from a different domain, subdomain, port, or protocol.
Even “switching between https and http” nothing changes.
I guess that, as said @Thallius there is a security problem, but as replied @windbeneathmywings that could be bypassed. Therefore I think that the question is how bypass that restriction modifying the Access-Control-Allow-Origin, isn’t it?
Well if the origin is supposed to be the same, then why specify it in the first place? You’d have to change the code when deploying to another host with a different name, so just use the path name here…
I just confirmed that both of your examples work as expected, without any additional settings, when the domain, subdomain, port, and protocol are the same for the main page and for the ajax request.
What exactly did you change? Post your current full non-working code to get help with it.
And please answer directly if you want this to work where the two files are located on the same domain or on two different domains?
And as has already been written, why are you trying to make this work with an absolute URL, instead of just relative URLs?
BTW - These are URLs, which have a path component, after the filename. The first usage is a relative URL. The browser takes the URL of the current page and appends the relative URL from your code, to come up with the absolute URL to make the ajax request to. The second usage is directly putting an absolute URL into the code.
If you want to show content from another site this data must be loaded from the server not the client. So you call some server script on your domain and this server script is fetching the data from the other side and give it back to the client.