I want to pull yield curve data from here:
The below get request returns a 200 (OK) status code but also a console note saying Cross-Origin Request Blocked because CORS header 'Access-Control-Allow-Origin' missing.
$.get('http://www.treasury.gov/resource-center/data-chart-center/interest-rates/pages/XmlView.aspx?data=yieldyear&year=2015', function (data) {
$(data).find("entry").each(function () { // or "item" or whatever suits your feed
var el = $(this);
console.log("------------------------");
console.log("d:NEW_DATE : " + el.find("d:NEW_DATE").text());
console.log("d:BC_1MONTH : " + el.find("d:BC_1MONTH").text());
console.log("d:BC_3MONTH : " + el.find("d:BC_3MONTH").text());
});
});
Are there clear rules/laws on accessing data if Access-Control-Allow-Origin is not set to '*' (public)?
What is the consensus when hitting these issues? The data is clearly publicly available; do I ask the US department of treasury to change their Access-Control-Allow-Origin setting to include my domain? (Access-Control-Allow-Origin Multiple Origin Domains?).
It is also clear that there were work arounds before CORS (https://www.nczonline.net/blog/2010/05/25/cross-domain-ajax-with-cross-origin-resource-sharing/). Are they appropriate/legal in this situation? Please could someone suggest concise resource for learning about them if so?
Perhaps I should give up and find a new data source?