Cross Origin Resource Sharing Woes (CORS)
How to fix CORS errors when trying to GET a HTTP endpoint API.
preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
origin 'null' has been blocked by CORS policy
CORS exists to stop cross-site request forgeries.
There are a few fixes you can attempt, the first of which is to try setting
dataType: "jsonp", this will solve the issue if the server allows requests from anywhere, ie, there is no access control. However if the server does implement access controls and disallows requests, then what you might end up facing is simply a
net::ERR_ABORTED 400 (BAD REQUEST) error. This is because the browser itself checks the headers and blocks any GET requests that violates the CORS policy.
Unfortunately, this is server dependent. If you are using someone else's API then the workaround would be to use a proxy that forwards your request to the HTTP endpoint, and then responds with the proper CORS headers to the browser.