CORS header 'Access-Control-Allow-Origin' missing Cordova

[Montassar Ben Hmida]

hello,
I'm creatring a cordova-appache application  where I communicate with a web server (get and post http request to http://192.168.1.1/cgi/json/****)
in my code javascript I'm using xhr , when I send the first get request, the server respond me with json response and give me a session id and I follow response with wireshark,
the fisrt problem  http.status return 0
the second problem in the console log i had this message <Reason: CORS header 'Access-Control-Allow-Origin' missing.>


I added this in config.xml
 <allow-navigation href="http://*/*"/>
    <allow-navigation href="https://*/*"/>
    <allow-navigation href="data:*"/>

And this to javascript code :
http.open('GET', request_field, true);
        http.setRequestHeader("Access-Control-Allow-Origin", "*");
    http.setRequestHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    http.setRequestHeader("Access-Control-Allow-Methods","POST, GET, OPTIONS, DELETE, PUT, HEAD");
        http.send();

 Like environment i'm using:
    ubuntu
    cordova version: 6.1.1
    nodejs version :v0.10.25
    and Firefox    

[Steve Sobol - Lobos Studios]

When you say "javascript", you mean on the node.js side, right?

Thanks

--
-- You received this message because you are subscribed to the Google
Groups "phonegap" group.
To post to this group, send email to phon...@googlegroups.com
To unsubscribe from this group, send email to
phonegap+u...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/phonegap?hl=en?hl=en
 
For more info on PhoneGap or to download the code go to www.phonegap.com
---
You received this message because you are subscribed to the Google Groups "phonegap" group.
To unsubscribe from this group and stop receiving emails from it, send an email to phonegap+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

-- 
Lobos Studios | Phone: 877.919.4WEB | LobosStudios.com | Facebook.com/LobosStudios | @LobosStudios
Web Development - Mobile Development - Helpdesk/Tech Support - Computer Sales & Service
Acer Authorized Reseller - Computers, Windows and Android Tablets, Accessories

Steve Sobol - CEO, Senior Developer and Server Jockey
st...@LobosStudios.com

[Kerri Shotts]

You need to configure your server to return the appropriate headers, not the client. All you're doing is sending these headers to the server, which the server is going to happily ignore. 

See http://www.html5rocks.com/en/tutorials/cors/

On Monday, April 4, 2016 at 11:25:05 AM UTC-5, Montassar Ben Hmida wrote:

...

[Robert Harrison]

Ø  You need to configure your server to return the appropriate headers, not the client.

 

That’s generally done on the server page you are requesting.  You can generally do that using the server side language:

 

<?php header("Access-Control-Allow-Origin: *"); ?>

 

 

 

Robert Harrison
Full Stack Developer
AIMG
rhar...@aimg.com
Main Office: 704-321-1234  ext.118
Direct Line: 516-302-4345
www.aimg.com

--

[Steve Sobol - Lobos Studios]

What you're both missing is that the OP is using node.js, and it looks like he is running a web server using node.js (note the use of the Node "http" module). That's why I asked for clarification

[Robert Harrison]

I suspect you still need to do that on the server side… otherwise what would be the point in having a security block if you could just walk around it by sending a header from the client?

 

http://enable-cors.org/server_expressjs.html

 

http://stackoverflow.com/questions/7067966/how-to-allow-cors-in-express-node-js

[Steve Sobol - Lobos Studios]

But given the code snippet that was provided in the original post, it looks like that is how things are set up.

But we need to hear back from the OP to be sure