5

I have a "DOM" file that calls an ASP file (NOT .NET) on another domain. How do I write the Access-Control-Allow-Origin in ASP? Access-Control-Allow-Origin is for "PHP" but I cant find the syntax for ASP, I can only find it for ASP.NET

It works fine when I use Internet Explorer but in Chrome it says

"No Access-Control-Allow-Origin header is present on the requested resource. Origin 'http://SOURCEDOMAIN' is therefore not allowed access."

Improve this question
3
  • 1
    It's a HTTP header to specify them in Classic ASP use Response.AddHeader "Access-Control-Allow-Origin", "http://SOURCEDOMAIN". Commented Feb 26, 2015 at 9:19
  • i dont use headers since the page just just loads in the background and returns the result through response.write to the page on the other domain. If i add <html><head> etc it will be alot more difficult to process the result i need. Commented Feb 26, 2015 at 13:07
  • HTML <head> tag is not the same thing. HTTP headers are added by the server when the page is requested, the example I give below is code that should be added to the Classic ASP that you are trying to access in the background, this will enable CORS and stop Chrome blocking the content. Commented Feb 26, 2015 at 13:16

2 Answers 2

Reset to default
6

Adding HTTP headers into a Classic ASP is a trivial process, the Response object has a method specifically for this purpose that allows you to add any custom header you want into the HTTP Headers that will be sent to the browser when the page is requested.

The method is called AddHeader() here is an example;

<%
Call Response.AddHeader("Access-Control-Allow-Origin", "http://SOURCEDOMAIN")
%>

Useful Links

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

even though i add that line at the top chrome still says "No 'Access-Control-Allow-Origin' header is present on the requested resource."
@Alan The code should be added into the page you are trying to call in the background as Classic ASP server-side code (<% %>). The header should contain the matching URL domain for the page that is trying to access the Classic ASP page in the background. If Chrome says no header is present then you have either added the code to the wrong page or some proxy is removing the header before it get's to the client browser.
I have an ASP.NET Web Service and have seen this instruction many places including that CORS site, but still have no idea where "in the page i am trying to call" to put this. Are we talking about a .asmx file? Can anyone elaborate?
@ThePartyTurtle no not really this question was about Classic ASP which is entirely different to ASP.Net
Ahhh, thanks for the clarification. Wasn't sure that "Classic ASP" was a specific name and not just how people refer to ASP.
2

I don't know if browser security has increased over the years, but in order for it to work I had to add the header: Access-Control-Allow-Credentials

So here's the solution that worked for me :

<%
Call Response.AddHeader("Access-Control-Allow-Origin", "http://SOURCEDOMAIN")
Call Response.AddHeader("Access-Control-Allow-Credentials", "true")
%>
Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.