I'm running into a weird CORS issue right now.

Here's the error message:

XMLHttpRequest cannot load http://localhost:8666/routeREST/select?q=[...] 
Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin

Two servers:

  • localhost:8666/routeREST/ : this is a simple Python Bottle server.
  • localhost:8080/ : Python SimpleHTTPServer where I run my JavaScript application. This app is executing Ajax requests on the server above.

Any thought on what could be the problem?

EDIT:

And... the port was the problem. Thanks for your answers :)

If anyone is using a Python bottle server as well, you can follow the answer given on this post to solve the CORS issue: Bottle Py: Enabling CORS for jQuery AJAX requests

Asked Nov 13, 2013 at 23:39 by Mr_Pouet; edited May 23, 2017 at 11:54 by Community Bot
  • 17 Since they are on different ports they are not the same! – some Commented Nov 13, 2013 at 23:41
  • The port numbers are different. This might violate Cross Origin rules. – user1864610 Commented Nov 13, 2013 at 23:41
  • 5 Note that IE doesn't take port number into account. – Ray Nicholus Commented Nov 14, 2013 at 15:19
  • 1 @some Most browsers also conclude they're not the same if one has a 'www' and the other doesn't. The devil's in the details. – Seldom 'Where's Monica' Needy Commented Apr 19, 2017 at 23:18
  • @SeldomNeedy example.com, www.example.com, www1.example.com, and mirror.www.example.com are all different domains. example.com, example.com, example.com, example.com:80443 are all from different origins. – some Commented Apr 24, 2017 at 12:44

3 Answers

It is only the same if the scheme, domain and port are identical. Same Origin Policy

Clarification

  • http and https are not the same scheme. (By default they also use different ports)
  • example.com and www.example.com are not the same domain.
  • Port 80 and 443 are not the same port.

How to enable CORS

If you want to enable CORS you must follow Cross-Origin Resource Sharing (cors) by adding headers. Mozilla has examples.

In the incoming request you get an Origin header:

Origin: https://example.com

You need to add Access-Control-Allow-Origin as a header in your response. To allow everyone (you should probably NOT do that):

Access-Control-Allow-Origin: *

Multiple origins

If you need to support multiple origins (for example, both example.com and www.example.com), set the Access-Control-Allow-Origin header in your response to match the Origin header in the request (provided you have verified that the origin is on the whitelist).

WHY DO I GET REQUESTS WITH OPTIONS METHOD?

Note that some requests send a preflight-request, with an OPTIONS-method, so if you write your own code you must handle those requests too. See Mozilla for examples.
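An added example, not part of the answer above and not code from Bottle or FastAPI: one way to apply the rules it describes, comparing origins as (scheme, host, port), echoing the Origin header only when it is on an allowlist, and answering OPTIONS preflights. The function names, the allowlist and the allowed methods and headers are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_tuple(value):
    """Return (scheme, host, port) for an origin string, or None if invalid."""
    parts = urlsplit(value or "")
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # e.g. "localhost:8080" without a scheme is not an origin
    try:
        port = parts.port  # raises ValueError when out of range
    except ValueError:
        return None
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    return (parts.scheme, parts.hostname, port)


def cors_headers(method, request_origin, allowlist):
    """Headers to add to the response; {} means the origin is not allowed."""
    allowed = {origin_tuple(entry) for entry in allowlist} - {None}
    if origin_tuple(request_origin) not in allowed:
        return {}
    # Echo the caller's own Origin value, never "*", and tell caches that
    # the response differs per Origin.
    headers = {"Access-Control-Allow-Origin": request_origin, "Vary": "Origin"}
    if method == "OPTIONS":
        # Simplification: every OPTIONS request is treated as a preflight.
        headers["Access-Control-Allow-Methods"] = "GET, POST, OPTIONS"
        headers["Access-Control-Allow-Headers"] = "Content-Type"
    return headers


# Constructed sample: the two servers from the question.
ALLOWLIST = ["http://localhost:8080"]
if __name__ == "__main__":
    print(cors_headers("GET", "http://localhost:8080", ALLOWLIST))
    print(cors_headers("OPTIONS", "http://localhost:8080", ALLOWLIST))
    print(cors_headers("GET", "http://localhost:9000", ALLOWLIST))
```

An allowlist entry written without a scheme, such as "localhost:8080", parses to no origin at all and therefore never matches.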

The port numbers are different.

A request is considered cross-domain if any of the scheme, hostname, or port do not match.

Even Including http:// Or https:// At The Front Matters

I know the title may be stating the obvious for many, so PLEASE allow me to explain. When testing an operation to call an API developed with Python FastAPI, you define the URLs allowed to access the API directly in the API code. I'll leave an example at the end.

I found that I could get away with NOT using http:// at the front when testing from JavaScript running on my localhost, BUT when I ran the same API from a Docker container, I kept getting CORS violations. I hadn't remembered this being a problem with past usages of this API.

WHEN I ADDED http:// to the front of my allowed server names and ports, BOOM - access allowed.

I hope this saves someone the time that I lost ;-) !

Example FastAPI CORS Settings:

from fastapi import FastAPI
from fastapi.middleware.cors import CORSMiddleware

app = FastAPI()

# Container
long_server_name = "http://SomeFullyQualifiedServerName"
short_server_name = "http://SomeServerName"

# Local
# server_name = "http://127.0.0.1"

origins = [
    "http://127.0.0.1:8000",  # Conductor API
    "http://127.0.0.1:5500",  # Conductor Runner Dev
    "http://127.0.0.1:5501",  # Quote Runner Dev
    "http://127.0.0.1:5502",  # Quote Runner Dev
    f"{long_server_name}:5000",  # Conductor Web UI
    f"{long_server_name}:5001",  # Quote Runner
    f"{short_server_name}:5000",  # Conductor Web UI
    f"{short_server_name}:5001",  # Quote Runner
]

app.add_middleware(
    CORSMiddleware,
    allow_origins=origins,
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)
