I want a simple javascript script that exists on my localhost to make a connection to another domain(eg: anotherdomain) with ajax and get the response , but all my browsers tell me that error of (connection blocked , Reason: CORS header 'Access-Control-Allow-Origin' missing)

but when I check the network traffic with network monitor program like (fiddler), I see that the response already came from the server at (anotherdomain) to my local machine , it is just my browser who is blocking me from getting it !!

1- can I order my browser to ignore the CORS rules using javascript code?

2- what is my options to overe this problem? is building a custom client disktop application with c# to send and receive requests freely is the best way to do it?

3- is CORS policy designed to protect the web clients or the web servers ?

thank you, and please consider that I'm plete newbie in web

I want a simple javascript script that exists on my localhost to make a connection to another domain(eg: anotherdomain.) with ajax and get the response , but all my browsers tell me that error of (connection blocked , Reason: CORS header 'Access-Control-Allow-Origin' missing)

but when I check the network traffic with network monitor program like (fiddler), I see that the response already came from the server at (anotherdomain.) to my local machine , it is just my browser who is blocking me from getting it !!

1- can I order my browser to ignore the CORS rules using javascript code?

2- what is my options to overe this problem? is building a custom client disktop application with c# to send and receive requests freely is the best way to do it?

3- is CORS policy designed to protect the web clients or the web servers ?

thank you, and please consider that I'm plete newbie in web

• javascript
• ajax
• browser
• cors

Share Improve this question Follow asked May 1, 2016 at 14:32 the accountantthe accountant 52611 gold badge66 silver badges1414 bronze badges 1

• 1 If you're running chrome you can use the --disable-web-security flag – Musa Commented May 2, 2016 at 1:59

Add a ment  | 

1 Answer 1

Sorted by: Reset to default 1

but when I check the network traffic with network monitor program like (fiddler), I see that the response already came from the server at (anotherdomain.) to my local machine , it is just my browser who is blocking me from getting it !!

Well for sure, the connection was estabilished to check the presence of the header you mentioned, but data was unlikely to be transferred.

Regarding your questions,

1. There are 2 options actually. One is to set the Access-Control-Allow-Origin header with proper origin according to yours. The second is to make a JSONP call, though the response of server must support such a solution.

2. The best option is to have a server with the above header specified. Your server would handle all the network stuff on its side and your script would just get/send some responses/requests.

3. I would say it designed more to protect the server. Imagine the following situations. Your script on your site makes a lot of POST requests to the another site. Actions like submitting forms etc. could happen and would be allowed. That's harmful, right? You can read about that in this stack question.