On Thu, Dec 7, 2017 at 11:17 AM, Nikola I. <nikiro60(a)gmail.com> wrote:
About: xhr.setRequestHeader( 'Api-User-Agent',
Your problem here has nothing to do with this header. Also, you'd want to
specify something more identifying than "Example/1.0".
Failed to load
Response to preflight request doesn't pass access control check:
No 'Access-Control-Allow-Origin' header is present on the requested
Origin 'https://s.codepen.io' is therefore not allowed access.
The API only responds with CORS headers if the URL contains an "origin"
parameter. For accessing from an external site like codepen.io, you'd want
to specify "origin=*".
And you would not want to use the "callback" parameter in that situation,
"callback" is intended for accessing a remote resource by adding a
tag to the header, as you might do in an old browser where XMLHttpRequest
is not available.
When doing a POST, note the "origin" parameter must be in the URL's query
string, not the POST body.
While it doesn't have an example for raw XMLHttpRequest, see
Brad Jorsch (Anomie)
Senior Software Engineer