CORS and Google Fusion Tables

Google Fusion Tables is a service for storing tabular data online. It has an API that allows you to make an SQL-like request for data from an online table, like the following: sql=SELECT * FROM 1906375 (clicking the link will download a small CSV file)

CORS and Google Fusion Tables

I expect Fusion Tables to have support for CORS, because of the comments on issue 554 in the fusion tables issue tracker. To issue a XMLHttpRequest at fusion tables try the following:

  • Stay on this page
  • Open up a javascript console (Chrome: Javascript Console, Firefox: Firebug)
  • Select the “Network” tab if you’re using Chrome
  • Type in the following in the Javascript console:
xhr = new XMLHttpRequest()"GET","*%20FROM%201906375")

Bummer, it doesn’t work.

Looking at the Network tab of the console, apparently Fusion Tables does not set the appropriate CORS response headers (Access-Control-Allow-Origin: *), and the request is blocked by the browser (Chrome) with the message:

Origin is not allowed by Access-Control-Allow-Origin.

This is not what was expected, so what is wrong? I’ve asked this question on stackoverflow, and maybe an answer has turned up by now.

Doing the same using curl:

curl -H "Origin:" "*%20FROM%201906375" --verbose

CORS and

For an example that works, try the following:

  • Open up a tab on a site other than, e.g. my other site
  • Open up a Javascript console while that tab is selected (select the “Network” tab, if you use Chrome)
  • Type in the following:
xhr = new XMLHttpRequest()"GET","")

You should see in the Network tab that it worked…

Leave a Reply