access control allow origin not allowed by

access control allow origin not allowed by  using -'javascript,ajax,xmlhttprequest,youtube-api'

I am seeing the following error:

Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin

with this code:

var http = new getXMLHttpRequestObject();
var url = "";
var sendXML = '<?xml version="1.0"?><entry xmlns=""'+
    '<media:group><media:title type="plain">My First API</media:title>'+
    '<media:description type="plain">First API</media:description>'+
    '<media:category scheme="">People</media:category>'+
    '<media:keywords>first, api</media:keywords></media:group></entry>';"POST", url, true);
http.setRequestHeader("Authorization", "AuthSub token=" + AccessToken);
http.setRequestHeader("X-GData-Key", "key="+ dev_key);
http.setRequestHeader("Content-Type", "application/atom+xml; charset=UTF-8");

http.onreadystatechange = function() {
    if(http.readyState == 4) {

What can cause this, and how do I solve it?

asked Oct 6, 2015 by rajnipancholi
0 votes

9 Answers

0 votes

Javascript is limited when making ajax requests outside of the current domain.

  • Ex 1: your domain is and you want to make a request to => you cannot.
  • Ex 2: your domain is and you want to make a request to => you cannot.
  • Ex 3: your domain is and you want to make a request to => you cannot
  • EX 4: your domain is and you want to make a request to => you can.

Javascript is limited by the "same origin policy" for security reasons so that a malicious script cannot contact a remote server and send sensitive data.

jsonp is a different way to use javascript. You make a request and results are encapsulated into a callback function which is run in the client. It's the same as linking a new script tag into the head part of your html (you know that you can load scripts from different domains than yours here).
However, to use jsonp the server must be configured properly. If this is not the case you cannot use jsonp and you MUST rely on a server side proxy (PHP, ASP, etc.). There are plenty of guides related to this topic, just google it!

answered Oct 6, 2015 by yashwantpinge
0 votes

XMLHttpRequest will not let you reach localhost:8080 because of the "same origin policy".

You can allow requests from modern browsers by adding a header to your response on localhost:8080:

Access-Control-Allow-Origin: *

You can do so by adding directives to your HTTP server or adding headers via server-side code (PHP, Ruby, ...).

Read more on Cross-Origin ajax requests on

answered Oct 6, 2015 by dhananjayksharma
0 votes

If your using apache, this works: put this in/create a .htaccess file in your public root, and add any other file extensions you might need.

    Header set Access-Control-Allow-Origin "*"

answered Oct 6, 2015 by yashwantpinge
0 votes

For local development you can use a tool for modifying the HTTP response headers. For example Charles is able to do this by the included rewrite tool: Rewrite Tool

Just add a new rule for the target domain/location with:

Type: Add Header
Where: Response
     Name: Access-Control-Allow-Origin
     Value: *
Replace All
answered Oct 6, 2015 by nimisha.jagtap
0 votes

Unrelated to this particular question, but for anyone in this situation using jQuery...This error is also caused if you try to make a JSONP request using jQuery and omit the magic callback parameter: callback=?

answered Oct 6, 2015 by atulpariharmca
0 votes

If you are from a java background one possible solution could be to make a servlet which calls the Web-services for your javascript. something like the below code in the GET(Your-choice) method...

JsonElement jelement;
    JsonArray jarray;
    try {
        URL url = new URL("http://rest."YOUR URL"#ba0482");
        URLConnection connection = url.openConnection();
        InputStream inStream = connection.getInputStream();
        BufferedReader input = new BufferedReader(new InputStreamReader(inStream));

        jelement = new JsonParser().parse(input);

        jarray = jelement.getAsJsonArray();

        PrintWriter out = response.getWriter();
    } catch (FileNotFoundException e) {
    } catch (IOException e) {

Now in the javascript simply specify the url as the servlet name!!

answered Oct 6, 2015 by balvant maurya
0 votes

Add a global.asax in your solution.


HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");


protected void Application_BeginRequest(object sender, EventArgs e)
answered Oct 6, 2015 by nimisha.jagtap
0 votes

I run into the same error message, when using ajax to access a php page (javascript and php file are both located on same server).

The reason was that I specified the IP address as the domain in my JavaScript. This made the Browser believe that the call to the php file is on another server.

So an easy solution to get rid off this error message. a) verify javascript and php file are on the same server b) make sure the url (in particular the domain) in your JavaScript (e.g. ajax reflects your server url (e.g.

answered Oct 6, 2015 by atulpariharmca
0 votes

if you re using google chrome as a browser you can add CORS extension, and activate it , it will solve the hole problem without having to change anything in your code

answered Oct 6, 2015 by maurya