How/where To Enable Cors(cross Origin Resource Sharing)?
Solution 1:
On which server should the Access-Control-Allow-Origin header be set
The server hosting the content you want to read with XHR. The error message does spell this out, it tells you the URL to a resource that you are requesting and then says that the header is not present on that resource.
Is there any setting/configuration/code change which I need to do in my browser/javascript or HTML code for this to work?
No. The browser handles CORS transparently.
As a general query, is there anything the client can/should do for CORS to work or is it purely a server requirement/configuration?
The client has to support CORS. All modern browsers do.
Is the 'Access-Control-Allow-Origin' mandatory in HTTP responses?
No
If not then what does its absence mean - Does it mean only resources from same domain can be accessed or does it mean all domains are accessible(equivalent to *) ?
If a server doesn't specify Access-Control-Allow-Origin then it doesn't grant permission to any other origin to read its data.
Is there any way a client can force a server to add this header?
No (although a browser extension can intercept the response and add the header, this can be useful for testing purposes).
Post a Comment for "How/where To Enable Cors(cross Origin Resource Sharing)?"