I’m trying to better understand Cross Site Scripting and let’s use
http://api.beatport.com/crossdomain.xml as the example.
The XML lists that all domains are allowed access. However, when I make the request from within my HTML page (or from within the console) it will fail with an error similar to:
XMLHttpRequest cannot load http://api.beatport.com/catalog/tracks. Origin <mydomain> is not allowed by Access-Control-Allow-Origin.
What I find weird though, is if I put the request in the address bar of my browser, the request goes through.
Can someone please explain what is going on and what I need to do to fix this because clearly the API allows access from any domain.
XMLHttpRequest doesn’t look at crossdomain.xml, it looks at the Access-Control-Allow-Origin header as mentioned in the error message. So the server needs to send a header like this:
Access-Control-Allow-Origin: *
If they don’t send that header (http://api.beatport.com/catalog/tracks doesn’t), it will be denied.
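To make the answer concrete, here is an added example (not part of the question or answer above, and not Beatport’s code) that models the decision a browser makes after a cross-origin XMLHttpRequest completes: it fetches the resource, then decides whether the calling page may read the response by looking only at the Access-Control-Allow-Origin header (and Access-Control-Allow-Credentials when cookies are sent). crossdomain.xml is a Flash/Silverlight policy file and is never consulted by XMLHttpRequest. Typing the URL into the address bar works because that is a top-level navigation, not a script reading another origin’s response, so no CORS check applies. The header maps and origins below are constructed sample data, and `corsDecision` is a hypothetical helper name.

```javascript
// Added example: a model of the browser-side CORS read check for a
// simple (non-preflighted) cross-origin XMLHttpRequest.
// Header names are lowercased, as Node's http module presents them.

function corsDecision(origin, responseHeaders, { withCredentials = false } = {}) {
  const allow = responseHeaders['access-control-allow-origin'];

  // No header at all: this is the situation in the question. The response
  // was received, but the page is not allowed to read it.
  if (allow === undefined) {
    return { allowed: false, reason: `no Access-Control-Allow-Origin header; origin ${origin} is not allowed` };
  }

  // Wildcard: any origin may read the response, but only for requests
  // made without credentials (cookies, HTTP auth). With credentials the
  // browser rejects '*' and requires the exact origin instead.
  if (allow === '*') {
    if (withCredentials) {
      return { allowed: false, reason: 'wildcard is not accepted for credentialed requests' };
    }
    return { allowed: true, reason: 'wildcard allows any origin' };
  }

  // Exact match: the header must equal the serialized origin
  // (scheme + host + port); there is no pattern matching.
  if (allow === origin) {
    if (withCredentials && responseHeaders['access-control-allow-credentials'] !== 'true') {
      return { allowed: false, reason: 'credentialed request but Access-Control-Allow-Credentials is not "true"' };
    }
    return { allowed: true, reason: 'exact origin match' };
  }

  return { allowed: false, reason: `header allows ${allow}, not ${origin}` };
}

// Constructed sample responses (not captured from any real server).
const NO_CORS_HEADERS = { 'content-type': 'application/json' };
const WILDCARD_HEADERS = { 'content-type': 'application/json', 'access-control-allow-origin': '*' };
const SPECIFIC_HEADERS = {
  'content-type': 'application/json',
  'access-control-allow-origin': 'https://example.com',
  'access-control-allow-credentials': 'true',
};

// Runs the model over the sample responses and returns the decisions.
function demo() {
  const page = 'https://example.com';
  return {
    missingHeader: corsDecision(page, NO_CORS_HEADERS),
    wildcard: corsDecision(page, WILDCARD_HEADERS),
    wildcardWithCookies: corsDecision(page, WILDCARD_HEADERS, { withCredentials: true }),
    exactMatch: corsDecision(page, SPECIFIC_HEADERS),
    otherOrigin: corsDecision('https://other.example', SPECIFIC_HEADERS),
  };
}

for (const [name, result] of Object.entries(demo())) {
  console.log(`${name}: ${result.allowed ? 'readable' : 'blocked'} (${result.reason})`);
}
```

The first case reproduces the error in the question: the request reaches the server and a response comes back, but without the header the browser refuses to hand it to the page. Nothing on the client side can change that; the fix has to come from the server sending the header.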