How do I fix the XHR error?

Question

1.00/5 (1 vote)

See more:

Hello, coding guys,

As you looked in the title, I want to tell you something, that when I try to xhr.post() with GET method, site https://api.scratch.mit.edu/users/NurkComics/projects, it returns this error to the console:

Error

Access to XMLHttpRequest at 'https://api.scratch.mit.edu/users/NurkComics/projects' from origin 'https://random-scratch-project-game.rixthetyrunt.repl.co' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

While I defined the header, here's the code:

script.js

xhr = new XMLHttpRequest()
xhr.withCredidentials = "true"
xhr.onload = function() {
	globalThis.projects = JSON.parse(this.responseText)
}
xhr.open("GET", "https://api.scratch.mit.edu/users/NurkComics/projects", true)
xhr.setRequestHeader("Access-Control-Allow-Origin", "true")
xhr.send()

What I have tried:

Posted 16-Apr-22 8:10am

Tyrunt.new("Rix")

Updated 20-Apr-22 22:06pm

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard Deeming · Answer 1 · 2022-04-20T21:37:00

The site you are trying to access does not allow script running on your site to load its data.

Cross-Origin Resource Sharing (CORS) - HTTP | MDN[^]

You cannot set the CORS headers on the request, since that would result in a breach of the security restrictions that CORS provides. It would be like a club that doesn't let you in if your name's not on the list, but allows you to provide your own list of names when you try to get in - an entirely pointless exercise.

Unless you can get the MIT site admins to cooperate and add the appropriate response headers to allow access from your site, you will need to write a proxy script on your own server. How you do that will depend entirely on the server-side language / framework you are using, which you haven't specified.

Patrice T · Answer 2 · 2022-04-20T22:06:00

Quote:
How do I fix the XHR error?

Technically, this is not error, it is normal response.
The message tells you that you just tried to enter a secure room without the key, your error is that you don't have the key/authorization to enter that room.
The only solution is to get the key/credentials and include on the request.

How do I fix the XHR error?

2 solutions

Solution 1

Solution 2

Add your solution here

Preview 0