Why am I seeing an "origin is not allowed by Access-Control-Allow-Origin" error here?
Javascript is limited when making ajax requests outside of the current domain.
- Ex 1: your domain is example.com and you want to make a request to test.com => you cannot.
- Ex 2: your domain is example.com and you want to make a request to inner.example.com => you cannot.
- Ex 3: your domain is example.com:80 and you want to make a request to example.com:81 => you cannot
- EX 4: your domain is example.com and you want to make a request to example.com => you can.
Javascript is limited by the "same origin policy" for security reasons so that a malicious script cannot contact a remote server and send sensitive data.
jsonp is a different way to use javascript. You make a request and results are encapsulated into a callback function which is run in the client. It's the same as linking a new script tag into the head part of your html (you know that you can load scripts from different domains than yours here).
However, to use jsonp the server must be configured properly. If this is not the case you cannot use jsonp and you MUST rely on a server side proxy (PHP, ASP, etc.). There are plenty of guides related to this topic, just google it!
XMLHttpRequest will not let you reach localhost:8080
because of the "same origin policy".
You can allow requests from modern browsers by adding a header to your response on localhost:8080
:
Access-Control-Allow-Origin: *
You can do so by adding directives to your HTTP server or adding headers via server-side code (PHP, Ruby, ...).
Read more on Cross-Origin ajax requests on https://developer.mozilla.org/en/http_access_control
If you are using Chrome, a simple workaround (only for development purposes) is to use option --disable-web-security
.