Tommy Chan's Software Blog: XMLHttpRequest cannot load http://localhost:1337/create. Origin null is not allowed by Access-Control-Allow-Origin.

Monday, 2 July 2012

XMLHttpRequest cannot load http://localhost:1337/create. Origin null is not allowed by Access-Control-Allow-Origin.

I've started to do some backend Node work today. While my index.html is served locally on the file system, the node server actually runs on localhost with a port. This presented a problem when I try to make an ajax call. Here is the response

XMLHttpRequest cannot load http://localhost:1337/create. Origin null is not allowed by Access-Control-Allow-Origin.

If you get this error, that means that you are not allowed to cross site request, unless the server says you are allowed. Well how do you do this? Simple:


    res.header('Access-Control-Allow-Origin', '*');

For production though, depending on how secure you want your web service to be, you might not want to do '*' (allow everything from all domains) but rather restrict it to your own domain.

Tommy Chan's Software Blog

Monday, 2 July 2012

XMLHttpRequest cannot load http://localhost:1337/create. Origin null is not allowed by Access-Control-Allow-Origin.

No comments:

Post a Comment