The CORS Header 'Access-Control-Allow-Origin' is missing

Question

I\'m trying to use webUntis\'(docs) API for a school project. For now I\'m just trying to establish any kind of connection to the API.

var result;
const url          


        

Answer 1

What is CORS ?

from MDN :

Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to let a user agent gain permission to access selected resources from a server on a different origin (domain) than the site currently in use. A user agent makes a cross-origin HTTP request when it requests a resource from a different domain, protocol, or port than the one from which the current document originated.

SOLUTION

You need to settings the CORS permission in your server. (https://api.webuntis.dk/api/status)

Setting Example :

1. PHP

2. Rails

   #in config/application.rb config.action_dispatch.default_headers = { 'Access-Control-Allow-Origin' => '*', 'Access-Control-Request-Method' => %w{GET POST OPTIONS}.join(",") }

note: Change * to specific URL that you want to allow CORS. '*' is highly discouraged, unless you are providing a public API that is intended to be accessed by any consumer out there.