+ 2
How to set the Access Control Allow Origin so that only the following code can get access to server data?
According to what I have read I need to specify the url of the site to access control allow origin to allow the data to be accessed by only that ,but I haven't able to figure out right url ,using url of the code doesn't works https://code.sololearn.com/WW67aYc8erQA/?ref=app
11 ответов
+ 3
Abhay What's the domain listed in the Referer HTTP Header when the SL App is accessing your localhost:9000 web server?
That might help you identify what value to include for the Access-Control-Allow-Origin.
You might need to review your web server logs or debug the request on your localhost:9000 web server to pull the value in real time.
----
Update:
----
DOH... I'm must be tired. I believe the Allow-Control-Allow-Origin would need to be applied on the SoloLearn web server. 🤦♂️
+ 5
Abhay you can't make a request to a locally run server from sololearn. You will have to run your code locally as well.
In order to make requests from sololearn to your server, you will probably have to do some port forwarding with your wireless router.
+ 2
I see now. So when you serve your web files locally, the host will be null. This is why * is working. Are you using an npm package or python as your http server? There may be some configuration you can do to set your own host value, but I haven't messed around with it much. This is a good article to get started, but it sounds like you have one already. https://developer.mozilla.org/en-US/docs/Learn/Common_questions/set_up_a_local_testing_server
+ 2
Here is another answer that is related to your problem as well: https://stackoverflow.com/questions/8456538/origin-null-is-not-allowed-by-access-control-allow-origin
+ 2
David Carroll actually I see x-referenced-with:com.sololearn when making cross origin request and
referer:http://localhost:9000/
when making a get request from the same origin , and http://localhost:9000/ works well but not com.sololearn as expected as it's not the full url
+ 1
You have to set the access control allow origin in your server's response header, not in your request from your JavaScript. If you only want to allow requests from a specific host (like sololearn.com), you need to set it to that host. Otherwise, you can use the following to allow requests from all hosts:
Access-Control-Allow-Origin: *
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
+ 1
Zeke Williams I have set Access-Control-Allow-Origin:* in server response header but then every site can make a request to it and access the data , so I am asking how could I do something like Access-Control-Allow-Origin:www.sololearn.com/ to restrict access to server by that only ,and I have tried using the code url which is making request ,as well as www.sololearn.com but it doesn't works
+ 1
You have to include the protocol as well Abhay
Access-Control-Allow-Origin: https://www.sololearn.com
+ 1
Zeke Williams I did that before ,again tried and getting the same error
https://www.sololearn.com/post/494727/?ref=app
0
Zeke Williams oh ok ty but I don't understand all that port forwarding and so ,will have to read about it ,but when i set Access-Control-Allow-Origin to '*' then it works ,I am able to make requests and get the data