发表新帖
发表新帖

The CORS Header 'Access-Control-Allow-Origin' is missing

后端 未结
关注
4 841
自闭症患者
自闭症患者 2020-12-14 11:25

I\'m trying to use webUntis\'(docs) API for a school project. For now I\'m just trying to establish any kind of connection to the API.

var result;
const url
相关标签:
4条回答
  • 渐次进展
    2020-12-14 12:01

    It basically means that this API is not configured to be called from another web page. Cross-Origin refers to making an HTTP request from one domain (origin) to another. This API is meant to be used from a server application. If you need to call it from a web page, you'll need to create a simple proxy server that your web page can call which will make the request to webUntis.

    0 讨论(0)
  • 没有蜡笔的小新
    2020-12-14 12:07

    What is CORS ?

    from MDN :

    Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to let a user agent gain permission to access selected resources from a server on a different origin (domain) than the site currently in use. A user agent makes a cross-origin HTTP request when it requests a resource from a different domain, protocol, or port than the one from which the current document originated.

    SOLUTION

    You need to settings the CORS permission in your server. (https://api.webuntis.dk/api/status)

    Setting Example :

    1. PHP

      <?php header("Access-Control-Allow-Origin: *");

    2. Rails

      #in config/application.rb config.action_dispatch.default_headers = { 'Access-Control-Allow-Origin' => '*', 'Access-Control-Request-Method' => %w{GET POST OPTIONS}.join(",") }

    note: Change * to specific URL that you want to allow CORS. '*' is highly discouraged, unless you are providing a public API that is intended to be accessed by any consumer out there.

    0 讨论(0)
  • 忘掉有多难
    2020-12-14 12:07

    Sending Access-Control-Allow-Origin to the server solves nothing. Server has to send Access-Control-Allow-Origin set to * to your browser to allow ajax requests to run.

    0 讨论(0)
  • 庸人自扰
    2020-12-14 12:13

    You are making a request to another site, in this case the API at api.webuntis.dk. This type of request is called a "Cross Origin Request"

    For such requests to work in JavaScript, the server on their end needs to allow them.

    This is done by their server sending special CORS headers, the most basic one being the "Access-Control-Allow-Origin" header.

    I guess the API provider has not foreseen or planned for this API to be used from a frontend (e.g. JavaScript in the browser), so you would have to work around this.

    One way is to set up your own server and have the JavaScript code make a request to your server and your server then making a request to the API, as server side code is not bound to CORS headers.

    Alternatively, to try things out, you can prefix the URL with https://cors.io like this: 

    const url = 'https://cors.io/?https://api.webuntis.dk/api/status';
    0 讨论(0)
 看不清?
提交回复
热议问题