I am stuck with this CORS problem, even though I set the server (nginx/node.js) with the appropriate headers.
I can see in Chrome Network pane -> Response Headers:
Access-Control-Allow-Origin:http://localhost
which should do the trick.
Here's the code that I now use to test:
var xhr = new XMLHttpRequest();
xhr.onload = function() {
console.log('xhr loaded');
};
xhr.open('GET', 'http://stackoverflow.com/');
xhr.send();
I get
XMLHttpRequest cannot load http://stackoverflow.com/. Origin http://localhost is not allowed by Access-Control-Allow-Origin.
I suspect it's a problem in the client script and not server configuration...
Chrome does not support localhost for CORS requests (a bug opened in 2010, marked WontFix in 2014).
To get around this you can use a domain like
localho.st
(which points at 127.0.0.1 just like localhost) or start chrome with the--disable-web-security
flag (assuming you're just testing).