JavaScript has hindered cross-origin response due to Cross-Origin Read Blocking (CORB)

Question

JavaScript has hindered cross-origin response due to Cross-Origin Read Blocking (CORB)

I am having trouble retrieving JSON responses from an API. The error message "Cross-Origin Read Blocking (CORB) blocked cross-origin response" keeps popping up. I've tried searching online for a solution to this problem, but so far, I haven't been successful.

The API is supposed to provide a generated session.

When I check the headers, I can see that there are multiple headers attached to the request.

Interestingly, if I directly paste the URL into my web browser, I am able to get the JSON response with the values. However, when I use the URL in an ajax function, I am denied access.

    jQuery.ajax({
        type: 'GET',
        crossOrigin: true,
        url: "https://apitest.mobzgo.co.za/getSession?username=********&passingword=*****",
        dataType: "jsonp",
        contentType: "jsonp;",
        success: function (response) {
          alert(JSON.stringify(response));
        },
        error: function (jqXHR, exception, errorThrown) {
            var msg = '';
            if (jqXHR.status === 0) {
                msg = 'Not connect.\n Verify Network.';
            } else if (jqXHR.status === 404) {
                msg = 'Requested page not found. [404]';
            } else if (jqXHR.status === 500) {
                msg = 'Internal Server Error [500].';
            } else if (exception === 'parsererror') {
                msg = errorThrown;
            } else if (exception === 'timeout') {
                msg = 'Time out error.';
            } else if (exception === 'abort') {
                msg = 'Ajax request aborted.';
            } else {
                msg = 'Uncaught Error.\n' + jqXHR.responseText;
            }
            alert(msg);
        } 
    });

javascript ajax xmlhttprequest cross-browser cross-domain

Answer 1

Answer №1

Errors known as CORB occur when you attempt to handle data from a different source as if it were a different type of data.

For example,

<img src="http://example.com/foo.html">

- an HTML document being treated as an image.

In this scenario, specifying dataType: "jsonp", means you are interpreting the URL as JavaScript (since JSONP is essentially a Javascript format). However, since it's not JavaScript, instead of attempting to execute it and encountering errors, it throws an exception upon recognizing that it's not JS.

As a side note: contentType: "jsonp;", — JSONP is not a content type, and since you are sending a GET request, there is no request body to define its type. Furthermore, JSONP requests cannot specify the content type. This approach is incorrect and redundant in numerous ways.

It's important to acknowledge that JSONP is considered to be problematic. It has limitations and security risks. With the availability of CORS in modern APIs, supporting cross-origin requests using JSONP is unnecessary. CORS offers a much more secure and robust solution.

Answer 2

Errors known as CORB occur when you attempt to handle data from a different source as if it were a different type of data.

For example,

<img src="http://example.com/foo.html">

- an HTML document being treated as an image.

In this scenario, specifying dataType: "jsonp", means you are interpreting the URL as JavaScript (since JSONP is essentially a Javascript format). However, since it's not JavaScript, instead of attempting to execute it and encountering errors, it throws an exception upon recognizing that it's not JS.

As a side note: contentType: "jsonp;", — JSONP is not a content type, and since you are sending a GET request, there is no request body to define its type. Furthermore, JSONP requests cannot specify the content type. This approach is incorrect and redundant in numerous ways.

It's important to acknowledge that JSONP is considered to be problematic. It has limitations and security risks. With the availability of CORS in modern APIs, supporting cross-origin requests using JSONP is unnecessary. CORS offers a much more secure and robust solution.

JavaScript has hindered cross-origin response due to Cross-Origin Read Blocking (CORB)

Answer №1

Similar questions

`Zooming and scrolling feature within a masked image`

Identifying an Object by Clicking with the Mouse in three.js

Modify the background color based on the length of the input in Vue

Ways to display or conceal various divs by employing an if/else statement?

Instructions on invoking a function from one controller within another controller

Getting the iframe onload event in an ASP.NET application

Understanding variable scopes in the success callback function of a JQuery post request

What is the best way to spin a div HTML layer?

Changing letter cases in a textbox using Javascript

Is React the best solution for managing a lengthy list that requires constant data updates?

Ways to retain specific div elements following the execution of .html(data) command

The use of p-message in Angular's PrimeNg library is not permitted

Applying a translucent layer of color to a jpeg image to create a subtle background effect

Ensuring the Accuracy of POST Parameters Using Express-Validator

Assinging a value to a JavaScript variable using C# Jint

Utilizing the v-for directive to loop through JSON data with unique IDs and linking them to Input components in PrimeVue

parsing a TypeScript query

Adjust the size of child divs in relation to their parent divs using jQuery

Troubleshooting Images in a React Application Integrated with WordPress API

The construction of the Gatsby site encountered a major obstacle