2

How to bypass CORS (Cross-Origin Resource Sharing) issue using headers or json-p

Solution using headers

Contents

To overcome the issue of CORS, the recommended option is to enable Access-Control-Allow-Origin header in the server which provides the API. Let us now see how this can be done. (Below solution is tested on Apache server running in a Ubuntu OS. For other servers this option may or may not work.)

  1. First make sure that apache header module is enabled in your server. If not, enable headers using below command:
  2. Add the following in your apache configuration file or .htaccess file of the project which exposes the REST API. I prefer .htaccess file of my project over apache configuration file since I dont want to enable CORS globally for every projects.

    The above statement would enable requests from any client domains since we have given “*” as the option for domain. If you want to restrict the access to any specific client domain then do the following:

    The Access-Control-Allow-Origin supports only one client domain or all client domains by default. If you want to enable more than one client domain but not all client domains, then we can apply a workaround to fix this issue (thanks to the post at stackoverflow).

    Here we take the origin url from the client request and then matches it with the list of allowed client list. If the domain is in the list then we echo the name of the domain to Access-Control-Allow-Origin header.

The above method should work for most of the situations. If you are again getting a 405 error in chrome or following error in firefox

then you can try adding  other headers supported by CORS as below:

For more information on this specific issue you can refer the article by Benjamin Horn.

Swaroop Shankar V

2 Comments

  1. You can also check the open source program [Bypass Cors](https://chrishham.github.io/BypassCors/) ,
    an installable Electron App (Windows/Mac/Linux), that lets you Bypass ALL CORS Restrictions permanently,
    by allowing you to set your own custom Headers (+Origin).

    It is specifically designed to work with Web Apps and its perfect for Real Time Scraping.

    Disclaimer: I am the author of the program.

    • Thanks, Christopher, your project looks interesting. Will give it a try

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.