Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-

Issue No. 220

Type: Bug
Status: Closed
Reported By: Oguzhan Aslan
Component: API
Resolution: Not a Bug
Votes: 0
Created: 19/Nov/15 1:56 PM EST
Closed: 1/Dec/2015 7:06 PM EST

Description

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is pres

Closing Comment

1. CORS is disabled. 2. Submitter has not made a case why preflight headers should be added in relation to the first point.

Comments

1. Erik Berg 19/Nov/2015 at 2:08 PM EST

Since CORS is disabled, is this header necessary?

2. Oguzhan Aslan 19/Nov/2015 at 2:14 PM EST

Hey there. I'm trying to local server and I have no problem with Access-Control-Allow-Origin. I use code:

    $.ajax({
        type: "POST",
        beforeSend: function (request) {
            request.setRequestHeader("Authority", "Authorization: Bearer 83ed72ce-1a8e-4016-9232-cec76a8023d9");
        },
        dataType: "json",
        crossDomain: true,
        contentType: "application/json; charset=utf-8",
        url: "https://erikberg.com/nba/boxscore/20120621-oklahoma-city-thunder-at-miami-heat.json",
        processData: false,
        success: function(msg) {
            $("#results").append();
        }
    });

3. Oguzhan Aslan 19/Nov/2015 at 2:23 PM EST

Console Error Message: XMLHttpRequest cannot load /nba/boxscore/20120621-oklahoma-city-thunder-at-miami-heat.json. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 401.

4. Erik Berg 19/Nov/2015 at 3:07 PM EST

Yes, CORS is disabled. One reason CORS is disabled is because the access token would be listed in the source code as you have done in comment #2. The access token should not be listed publicly and it should be kept private in the same manner as a password. If this 'Access-Control-Allow-Origin' header was added, it would not change the result of your program. It would still be denied. That's why I'm asking in comment #1 if it is necessary to add.
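The following is an added example, not code from this thread or from the API's maintainer: a simplified model of the browser's preflight decision as described in the Fetch standard, run against a constructed copy of the request from comment #2. It shows why that request triggers a preflight and why, under this model, a 401 preflight response is rejected with or without an 'Access-Control-Allow-Origin' header. Wildcards in the allow-methods and allow-headers lists and credentialed requests are not modelled, and all function names are assumptions.

```javascript
// Added example: simplified model of the browser's CORS preflight logic.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language", "range"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);

// Lower-cased names of the request headers that force a preflight.
function unsafeHeaders(headers) {
  return Object.entries(headers).filter(([name, value]) => {
    const n = name.toLowerCase();
    if (n === "content-type") {
      return !SAFE_CONTENT_TYPES.has(value.split(";")[0].trim().toLowerCase());
    }
    return !SAFE_HEADERS.has(n);
  }).map(([name]) => name.toLowerCase());
}

function needsPreflight(req) {
  return !SAFE_METHODS.has(req.method) || unsafeHeaders(req.headers).length > 0;
}

// Returns "pass" or the reason the preflight (OPTIONS) response is rejected.
function checkPreflight(req, res) {
  const h = {};
  for (const [k, v] of Object.entries(res.headers)) h[k.toLowerCase()] = v;
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) return "no Access-Control-Allow-Origin header";
  if (allowOrigin !== "*" && allowOrigin !== req.origin) return "origin not allowed";
  if (res.status < 200 || res.status > 299) return "preflight status is not 2xx";
  const list = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
  const methods = list(h["access-control-allow-methods"]);
  if (!SAFE_METHODS.has(req.method) && !methods.includes(req.method.toLowerCase())) {
    return "method not allowed";
  }
  const allowed = list(h["access-control-allow-headers"]);
  const missing = unsafeHeaders(req.headers).filter((n) => !allowed.includes(n));
  return missing.length ? "header not allowed: " + missing.join(", ") : "pass";
}

// Constructed inputs modelled on comments #2 and #3 (token replaced by a placeholder).
const request = { method: "POST", origin: "null",
  headers: { "Authority": "<constructed placeholder>",
             "Content-Type": "application/json; charset=utf-8" } };
const observed = { status: 401, headers: {} };
const withHeader = { status: 401, headers: { "Access-Control-Allow-Origin": "*" } };
console.log(needsPreflight(request));             // custom header + JSON body
console.log(checkPreflight(request, observed));   // the response seen in comment #3
console.log(checkPreflight(request, withHeader)); // same response plus the header
```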