+ 2

How to set the Access Control Allow Origin so that only the following code can get access to server data?

According to what I have read I need to specify the url of the site to access control allow origin to allow the data to be accessed by only that ,but I haven't able to figure out right url ,using url of the code doesn't works https://code.sololearn.com/WW67aYc8erQA/?ref=app

16th Aug 2020, 12:26 PM
Abhay
Abhay - avatar
11 ответов
+ 3
Abhay What's the domain listed in the Referer HTTP Header when the SL App is accessing your localhost:9000 web server? That might help you identify what value to include for the Access-Control-Allow-Origin. You might need to review your web server logs or debug the request on your localhost:9000 web server to pull the value in real time. ---- Update: ---- DOH... I'm must be tired. I believe the Allow-Control-Allow-Origin would need to be applied on the SoloLearn web server. 🤦‍♂️
16th Aug 2020, 4:43 PM
David Carroll
David Carroll - avatar
+ 5
Abhay you can't make a request to a locally run server from sololearn. You will have to run your code locally as well. In order to make requests from sololearn to your server, you will probably have to do some port forwarding with your wireless router.
16th Aug 2020, 3:28 PM
Zeke Williams
Zeke Williams - avatar
+ 2
I see now. So when you serve your web files locally, the host will be null. This is why * is working. Are you using an npm package or python as your http server? There may be some configuration you can do to set your own host value, but I haven't messed around with it much. This is a good article to get started, but it sounds like you have one already. https://developer.mozilla.org/en-US/docs/Learn/Common_questions/set_up_a_local_testing_server
16th Aug 2020, 4:31 PM
Zeke Williams
Zeke Williams - avatar
16th Aug 2020, 4:34 PM
Zeke Williams
Zeke Williams - avatar
+ 2
David Carroll actually I see x-referenced-with:com.sololearn when making cross origin request and referer:http://localhost:9000/ when making a get request from the same origin , and http://localhost:9000/ works well but not com.sololearn as expected as it's not the full url
16th Aug 2020, 10:42 PM
Abhay
Abhay - avatar
+ 1
You have to set the access control allow origin in your server's response header, not in your request from your JavaScript. If you only want to allow requests from a specific host (like sololearn.com), you need to set it to that host. Otherwise, you can use the following to allow requests from all hosts: Access-Control-Allow-Origin: * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
16th Aug 2020, 2:22 PM
Zeke Williams
Zeke Williams - avatar
+ 1
Zeke Williams I have set Access-Control-Allow-Origin:* in server response header but then every site can make a request to it and access the data , so I am asking how could I do something like Access-Control-Allow-Origin:www.sololearn.com/ to restrict access to server by that only ,and I have tried using the code url which is making request ,as well as www.sololearn.com but it doesn't works
16th Aug 2020, 3:10 PM
Abhay
Abhay - avatar
+ 1
You have to include the protocol as well Abhay Access-Control-Allow-Origin: https://www.sololearn.com
16th Aug 2020, 3:12 PM
Zeke Williams
Zeke Williams - avatar
+ 1
Zeke Williams I did that before ,again tried and getting the same error https://www.sololearn.com/post/494727/?ref=app
16th Aug 2020, 3:19 PM
Abhay
Abhay - avatar
0
Zeke Williams oh ok ty but I don't understand all that port forwarding and so ,will have to read about it ,but when i set Access-Control-Allow-Origin to '*' then it works ,I am able to make requests and get the data
16th Aug 2020, 4:14 PM
Abhay
Abhay - avatar