No "Access-Control-Allow-Origin" met and fixed with CORS #16
Description
While working on the yelp. js file, we have encountered a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error problem. The Yelp Api didn't let us access its server to retrieve some data with AJAX due to a specific authorization request process. We have used a CORS (Cross-Origin Resource Sharing) solution to resolve the issue. Below are attached two links showing how to fix it:
https://www.html5rocks.com/en/tutorials/cors/#toc-making-a-cors-request
WARNING: When using a CORS technique, you can be exposed to a XSS (Cross-Site Scripting) attack if the website is not HTTPS. In our case, our web app is encrypted which is a great news. It prevents us from this security breach and many others vulnerabities.