0

I have proper CORS headers configured in my server. It works when I try to do this:

function loadDoc() {
  var xhttp;
  if (window.XMLHttpRequest) {
    // code for modern browsers
    xhttp = new XMLHttpRequest();
    } else {
    // code for IE6, IE5
    xhttp = new ActiveXObject("Microsoft.XMLHTTP");
  }
  xhttp.onreadystatechange = function() {
    if (this.readyState == 4 && this.status == 200) {
      console.log(this.responseText);
    }
  };
  xhttp.open("GET", "http://myurl.com/some/path", true);
  xhttp.send();
}

But it fails when I do this:

function loadDoc() {
  var xhttp;
  if (window.XMLHttpRequest) {
    // code for modern browsers
    xhttp = new XMLHttpRequest();
    } else {
    // code for IE6, IE5
    xhttp = new ActiveXObject("Microsoft.XMLHTTP");
  }
  xhttp.onreadystatechange = function() {
    if (this.readyState == 4 && this.status == 200) {
      document.getElementById("demo").innerHTML = this.responseText;
    }
  };
  xhttp.open("GET", "http://myurl.com/some/path", true);
  xhttp.send();
}

As you can see, the only difference is that in the second codeblock, i'm using the response text and putting inside an html element.

EDIT:

This is the error that I got in the second case:

Access to XMLHttpRequest at 'http://myurl.com/some/path' from origin 'https://stackoverflow.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
sideshowbarker
  • 62,215
  • 21
  • 143
  • 153
Mario Mixtega
  • 17
  • 2
  • 3
    What exactly does "fail" mean here? Does *anything* happen? Errors in the console? – Pointy Jul 25 '19 at 15:52
  • 1
    Clearly we don't have enough info to give a proper answer but here's a debugging tips : since curl doesn't care about CORS, on the Network tab of your devtools, right click the request that failed then Copy -> Copy as Curl, paste on a terminal with an extra "-v", you will see the complete headers and body of the response. Sometimes, something goes wrong on the server side while handling the request and an error is thrown bypassing the lines of code where you set the CORS headers. – Ki Jéy Jul 25 '19 at 15:55
  • 5
    you should really consider using a newer ajax routine; we don't need to support IE5 anymore, for about 20 years now... – dandavis Jul 25 '19 at 15:57
  • CORS isn't failing here. It's your access to the DOM that fails – Udo E. Jul 25 '19 at 17:37
  • Why do you think this is a CORS issue? –  Jul 25 '19 at 17:39
  • You need to look at what the HTTP status code in the cases where it fails. You can use the Network pane in browser devtools to check. In those cases, the HTTP status code is almost certainly a 4xx or 5xx error rather than a 200 OK success response. Error responses won’t have the Access-Control-Allow-Origin. But even if they did, they would still be errors. So you don’t have a CORS problem to fix. Instead you have a 4xx or 5xx problem to fix. The way you can troubleshoot it is to check the server-side logs on the server that you’re sending the request to. – sideshowbarker Jul 25 '19 at 22:00

0 Answers0