bsr bsr - 5 months ago 38
Ajax Question

Origin http://localhost:3000 is not allowed by Access-Control-Allow-Origin

XMLHttpRequest cannot load http://localhost:8080/api/test. Origin http://localhost:3000 is not allowed by Access-Control-Allow-Origin.


I read about cross domain ajax requests, and understand the underlying security issue. In my case, 2 servers are running locally, and like to enable cross domain requests during testing.

localhost:8080 - Google Appengine dev server
localhost:3000 - Node.js server


I am issuing an ajax request to
localhost:8080 - GAE server
while my page is loaded from node server. What is the easiest, and safest ( Don't want to start chrome with
disable-web-security
option). If I have to change
'Content-Type'
, should I do it at node server? How?

Answer

Since they are running on different ports, they are different domains. It doesn't matter that they are on the same machine/hostname.

You need to enable CORS on the server (localhost:8080). Check out this site: http://enable-cors.org/

All you need to do is add an HTTP header to the server:

Access-Control-Allow-Origin: http://localhost:3000

Or, for simplicity:

Access-Control-Allow-Origin: *
Comments