Origin is not allowed by Access-Control-Allow-Origin
The response from the server is the following:
XMLHttpRequest cannot load http://nqatalog.negroesquisso.pt/login.php. Origin
http://localhost:8888is not allowed by Access-Control-Allow-Origin.
How can I fix this problem?
Verified Answer (377 Votes) ✓
I wrote an article on this issue a while back, Cross Domain AJAX.
The easiest way to handle this if you have control of the responding server is to add a response header for:
This will allow cross-domain Ajax. In PHP, you'll want to modify the response like so:
<?php header('Access-Control-Allow-Origin: *'); ?>
You can just put the
Header set Access-Control-Allow-Origin * setting in the Apache configuration or htaccess file.
It should be noted that this effectively disables CORS protection, which very likely exposes your users to attack. If you don't know that you specifically need to use a wildcard, you should not use it, and instead you should whitelist your specific domain:
<?php header('Access-Control-Allow-Origin: http://example.com') ?>
Answer #2 (63 Votes)
If you don't have control of the server, you can simply add this argument to your Chrome launcher:
Note that I wouldn't use this for normal "web surfing". For reference, see this post: Disable same origin policy in Chrome.
One you use Phonegap to actually build the application and load it onto the device, this won't be an issue.
Answer #3 (42 Votes)
If you're using Apache just add:
<ifModule mod_headers.c> Header set Access-Control-Allow-Origin: * </ifModule>
in your configuration. This will cause all responses from your webserver to be accessible from any other site on the internet. If you intend to only allow services on your host to be used by a specific server you can replace the
* with the URL of the originating server:
Header set Access-Control-Allow-Origin: http://my.origin.host