enyo is giving me a “not allowed by Access-Control-Allow-Origin”.and will not load content from nodejs server

Question

I made the simple hello world NODEJS Server. I have a enyo web service running in chrome that is trying to access the NODEJS server at http://localhost:3000

When is calls the onSuccess method, no data is loaded and the consule shows the following error

XMLHttpRequest cannot load http://localhost:3000/. Origin http://localhost:81 is not allowed by Access-Control-Allow-Origin.

I tested the nodejs server in the browser, it worked fine.

I tried to set the --disable-web-security, flag in chrome, it did not work.

Does anybody know how to fix this problem? If NOD.js is running on another server, would it work? This security is so confusing. Ted

Answer 1

For security reasons, browsers limit the requests that a script may make via XMLHttpRequest.

Your requests will only succeed under the following 2 cases:

1. The origin of the URI that your script loads is the same as the origin of the page on which the script is executing (localhost:81 and localhost:3000 are the same host but different origins);
2. or, if your browser supports it, the server of the page being requested includes an Access-Control-Allow-Origin header which explicitly authorizes pages served from the origin in question (or pages served from all origins) to make XMLHttpRequests to it.

Try adding the Accesss-Control-Allow-Origin header to whatever is generating the response in your node code, adding a header in some code that looks like this:

response.writeHead(200, {
                         'Content-Type': 'text/plain',
                         'Access-Control-Allow-Origin' : 'http://localhost:81'

                         //allow anything by replacing the above with
                         //'Access-Control-Allow-Origin' : '*'

});