No 'Access-Control-Allow-Origin' header is present error

Answered

Posted Feb 25, 2016

I'm trying to send an ajax request to "example123.com".

requests: {
something: {
url: 'https://api.example123.com/something',
type: 'GET',
dataType: 'json',
cors: true,
xhrFields: {
withCredentials: true
},
headers: {
"Authorization": "123"
}
},
}

But I have an error:

XMLHttpRequest cannot load https://api.example123.com/something.
Response to preflight request doesn't pass access control check:
No 'Access-Control-Allow-Origin' header is present on the requested resource.

Origin 'https://mycompany.zendesk.com' is therefore not allowed access.

As I understand, I can't do anything about it because it's example123.com who has to allow Access Controll Allow Origin policy on their website, not me, right?

7 comments

Date

Official

Joe

Feb 25, 2016

You got it. Your request looks good, but that header needs to be set by the api.example123.com server. If you want to request CORS support this is a great link to share: http://enable-cors.org/server.html

Edited: this is only if you need/want to use CORS. We provide a proxy to let you make requests to different domains when CORS is not enabled on the destination server.

Roman Sandler

Feb 25, 2016

In cases where you can't enable CORS on the target server you can remove the cors: true from your request. That will proxy it through the same origin, bypassing this error.

Joe

Feb 25, 2016

Yes, very good point Roman. I was assuming you needed CORS, but we provide a proxy in the apps framework to help you make requests like this without using CORS.

fdfdsfds

Feb 26, 2016

Roman Sandler, I need whatever makes it work, which is sending an ajax request to an external, not mine own third-party server. What do you mean exactly? How might I not need CORS?