×

Good News Everybody!

The new search engine is LIVE!

Please report any problems to david (at) midrange.com.



  1.  Home
  2. WEB400
  3. April 2019

CORS header 'Access-Control-Allow-Origin'

Security issues scare me.  It seems like a really easy place to make oneself look like an idiot.

Here is the scenario:  I have a web services service available. It is reachable over the internet (if one is inside the VPN) from a browser line at, say, _http://an.ibm.i/api/dayName/2019-03-15_ and returns:

dayOut "2019-03-15 is a Friday"

which is what I expect and want.

However if I use that link in an index.html on the same desktop I get  "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://.../api/dayName/2019-03-15. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

OK.  I get it.  There is a security issue that is being solved. Good.

So I read about what to do and realize this is way out of my wheelhouse.  What have others done?




This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.