CORS: What It is and How to HandleCORS: What It is and How to Handle

What

Sometimes when trying to leverage data from Pure by trying to call the Pure web service directly from JQuery from a different web site/domain. This results in the browser refusing to make the call with the message CORS header ‘Access-Control-Allow-Origin’ missing.

Example:

Access to XMLHttpRequest at 'https://pure.elsevier.com/ws/api/522/research-outputs?order=publicationYearAndAuthor&locale=en_US&pageSize=12&apiKey=?page=2' from origin 'http://drupal.docker.localhost:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Why

The issue you see with CORS headers is a "red flag" that you are trying to do something that could lead to security issues.
The below document outlines possible solutions on how to work around this.

• CORS-solution.pdf

More information

Note: Some of this information is for internal use only and might not be accessible.