Response is a 401 error when requesting local resource from http webpage

Question

Chrome is throwing

XMLHttpRequest cannot load http://127.0.0.1:8006/test No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://xxx.yyy.com' is therefore not allowed access. The response had an HTTP status code 401.

I am opening a popup with HTTP and making a request to a local HTTP server created by Java.

It's working fine in all machines except in some different machine, the browser throws the above mentioned error.

As per my understanding, getting this error in HTTP to HTTP is a bit strange.

Answer 1

It's not strange at all – 127.0.0.1:8006 and xxx.yyy.com are different origins, and the Java server is not sending the Access-Control-Allow-Origin header that would tell the broswer it's okay.

More details at https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

Basically, the Java server needs to add the Access-Control-Allow-Origin header with either an allowed CORS origin or a wildcard (which would allow any origin):

• Access-Control-Allow-Origin: *
• Access-Control-Allow-Origin: http://xxx.yyy.com (including the protocol, since http and https are different origins in the browser's eyes)

Answer 2

You have to add headers in server side where you are calling that URL for web service implementation. This will help you to understand, how the headers are added in java.

For e.g:

.header("Access-Control-Allow-Origin", "*")

If still you want to avoid the cross origin error. In this case, I suggest you to use this extension with chrome: Chrome extension for cors.

This will help you to avoid cross origin error in browser only in your machine for the development purpose.