carstorm carstorm - 7 months ago 21
Javascript Question

Access-Control-Allow-Origin even on same domain

In chrome dev tools I get the error "XMLHttpRequest cannot load https://www.carcraft.atsbusinessandgames.com/xmls/carcraft_1-7-10Test.xml. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://carcraft.atsbusinessandgames.com' is therefore not allowed access."

Why am I getting this error when the files are both on the same domain?

In case you need it here is the applicable code:
XML (page will be blank right click and view source):
https://carcraft.atsbusinessandgames.com/xmls/carcraft_1-7-10Test.xml

Section of HTML page it being put into:

<article>
<header>

</header>

<br />
<br />

<table id="ModsList">
<tr style="font-weight: bold;">
<td>Mod Name</td>
<td>Author(s)</td>
<td>Version</td>
<td>Date added/updated</td>
<td>Description</td>
</tr>

</table>

<script src="https://www.code.jquery.com/jquery-1.8.1.min.js"></script>
<script src="/test.js"></script>
</article>


And here is the javascript/jquery:

$.ajax({
url: 'https://www.carcraft.atsbusinessandgames.com/xmls/carcraft_1-7-10Test.xml',
type: "Get",
dataType: 'xml',
success: function (result) {
$(result).find('Module').each(function() {
var name = $(this).attr("name");
var url = $(this).find('url').text();
var authors = $(this).find('authors').text();
var version = $(this).find('version').text();
var date = $(this).find('date').text();
var description = $(this).find('description').text();
$("#ModsList").append("<tr>" + "<td>" + "<a href=" + url + ">" + name + "</a>" + "</td>" + "<td>" + authors + "</td>" + "<td>" + version + "</td>" + "<td>" + date + "</td>" + "<td>" + description + "</td>" + "</tr>");
});
},
failure: function() {
alert("Notify the site owner that the xml file is unreadable.");
}
});

Answer

They're not the same domain. Same-origin policy requires an exact match for domains. One url has www. which is essentially makes it a different domain regardles if it serves the same exact site. Remove the www from the url your AJAX call uses.

https://www.carcraft.atsbusinessandgames.com
https://carcraft.atsbusinessandgames.com