ember.js - Get around: No 'Access-Control-Allow-Origin' header is present on the requested resource -
i have deal restful server not under control. when try fetch id 1 record error get:
xmlhttprequest cannot load http://www.example.com/api/v1/companies/1. no 'access-control-allow-origin' header present on requested resource. origin 'http://localhost:4200' therefore not allowed access.
i can curl
on shell:
$ curl -i http://www.company.com/api/v1/companies/1 http/1.1 200 ok cache-control: private content-length: 11055 content-type: application/javascript last-modified: thu, 18 jun 2015 07:30:26 gmt accept-ranges: bytes etag: "5e772a598a9d01:0" p3p: policyref="/w3c/p3p.xml",cp="cao dsp law cura adma deva cusi our leg uni" date: fri, 19 jun 2015 13:06:46 gmt $
i use following contentsecuritypolicy:
contentsecuritypolicy: { 'default-src': "'none'", 'script-src': "'self'", 'font-src': "'self'", 'connect-src': "'self' http://www.example.com", 'img-src': "'self'", 'style-src': "'self'", 'media-src': "'self'" }
how can fix this? how can tell ember use it?
setting contentsecuritypolicy
allows browser make request http://localhost:4200
http://www.example.com
.
if didn't have set, seeing error like:
[report only] refused connect 'http://www.example.com/' because violates following content security policy directive: "connect-src 'self' http://localhost:* ws://localhost:* ws://localhost:35729 ws://0.0.0.0:35729".
after doing request, if http://www.example.com
doesn't contain particular header allows http://localhost:4200
make these requests, browser throws error..
for more information take @ question: how access-control-allow-origin header work?
if you're using ember cli development can proxy ajax requests http://www.example.com/
using:
ember server --proxy http://www.example.com/
but doesn't solve problem when moving production. need other solution that.
Comments
Post a Comment