</div>
</div>
<div class="grid--cell mb0 mt4">
<a href="/questions/35553500/xmlhttprequest-cannot-load-xxx-no-access-control-allow-origin-header" dir="ltr">XMLHttpRequest cannot load XXX No 'Access-Control-Allow-Origin' header</a>
<span class="question-originals-answer-count">
(8 answers)
</span>
</div>
<div class="grid--cell mb0 mt8">Closed <span title="2017-02-17 09:06:58Z" class="relativetime">3 years ago</span>.</div>
</div>
</aside>
I had been developing a website and had disabled web security to bypass CORS through the following command
chrome.exe --disable-web-security --user-data-dir=/path/to/foo
After successfully developing the website, I uploaded it to my domain but got stuck with the CORS Error. I have tried adding "Access-Control-Allow-Origin": "*", but had no luck.
I can assume CORS error for localhost, but cannot understand why the error persists in my domain?
XMLHttpRequest cannot load https://xxx-xxx.xxxxx.xxxxx.xxxxx.com/. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://xxxxx.xxxxx.com' is therefore not allowed access.
</div>
To enable CORS your server has to set "Access-Control-Allow-Origin" and "Access-Control-Allow-Methods": "POST, GET, PUT, DELETE" (for example).
For a quick reference you can check the wikipedia or for an in depth info visit de w3c specification.
The third part webService must be allowed you access or they had done CORS for every origins. So you just communicate with them. Hope it can help you.