"No 'Access-Control-Allow-Origin' header is present"


Am I missing something super obvious here? I have the “code”. I call this:

	  type: "POST",
	  url: "https://uat.dwolla.com/oauth/v2/token",
	  headers: {
	  data: '{"client_id": "[clientid]","client_secret":"[clientsecret]","code":"'+code+'","grant_type":"authorization_code","redirect_uri":"[url]"}',
	  success: function(result){

Chrome tells me “XMLHttpRequest cannot load https://uat.dwolla.com/oauth/v2/token. Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘https://whatever.com’ is therefore not allowed access.”



(Jared Dellitt) #2

Hey @DanF, browsers won’t let you make an ajax request like that to a different domain (CORS) for security reasons unless the domain explicitly permits it with that header.

I’d recommend you perform this call on the server, which will also keep your client secret secure.


Ok, thanks, I guess I was looking for a pure client-side solution but I guess that’s not possible.

(Cory Anderson) #4