I'm working on AngularJS and PHP application. When I try to run the index.html page, its throwing this error,
MLHttpRequest cannot load http://...... No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://localhost' is therefore not allowed access.
The response had HTTP status code 500.
Working on LAMP.
I know I need to include the header files. But where should I include it? Should I include it in config.php where I had definded my database? If not then where??
You are missing CORS settings on your PHP headers, try adding following:
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
header('Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, X-Request-With');
header('Access-Control-Allow-Credentials: true');
Set header:
header('Access-Control-Allow-Origin: http://example.com', false);
Related
I got a simple PHP server running on my local. I send requests from frontend to the PHP server. But I get CORS error even though 'header('Access-Control-Allow-Origin: *')' is present on the PHP file.
Frontend runs on 8080 port and PHP server runs on 3000 port.
Here is the error I get
Access to XMLHttpRequest at 'http://localhost:3000/' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
And these lines are at the top of the PHP file
header('Access-Control-Allow-Origin: *');
header("Access-Control-Allow-Credentials: true");
header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
header('Access-Control-Max-Age: 1000');
header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token , Authorization');
Any idea why?
I have a Vue app under http://localhost:8080 and PHP API under http://vue-api.test. API requests are handled in Axios.
The problem is that $_SERVER['HTTP_REFERER'] in my API gives me always http://localhost:8080/ even if the request is sent from http://localhost:8080/page or http://localhost:8080/bla-bla-bla. Simply full path is cutted.
I tried to set different policies in Axios via headers headers: {'Referrer-Policy': 'unsafe-url'}, but it always gives me only hostname, not the full path (http://localhost:8080/page or http://localhost:8080/bla-bla-bla).
I need to know the full path of the page in my API where the request has been invoked from.
Headers in my API:
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token, Referrer-Policy');
I'm sending a post request with XMLHttpRequest to my other domain in local but I get the CORS error below:
Failed to load http://another.local/: The 'Access-Control-Allow-Origin' header contains multiple values '*, http://example.local', but only one is allowed. Origin 'http://example.local' is therefore not allowed access.
I had set header in PHP as below:
<?php
header("Access-Control-Allow-Origin: *",false); //header("Access-Control-Allow-Origin: *");
header('Access-Control-Allow-Methods: POST, GET');
header("Access-Control-Allow-Credentials: true");
header('Access-Control-Max-Age: 1000');
header("Content-type:application/json");
readfile('data.json');
Despite setting the header, I'm still getting the CORS error; what am I doing wrong and how can I fix it?
You can try setting header('Access-Control-Allow-Origin: *');
And also check whether you have the same header twice
Finally, I fix this problem.
I use Laragon for PHP development and I don't know its Laragon configuration or apache that by default they set this in the config file:
Header always set Access-Control-Allow-Origin "*"
and this makes conflicts with headers that I set in PHP. I comment it and can set headers with no problems.
thanks to #Thamaraiselvam & #rahul-mukherjee for helping me.
You can try with
header('Access-Control-Allow-Origin: http://example.local', false);
if you have not set the http methods you can use :
header("Access-Control-Allow-Credentials: true");
header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
header('Access-Control-Max-Age: 1000');
header("Access-Control-Allow-Headers: ACCEPT, CONTENT-TYPE, X-CSRF-TOKEN");
Note: please change the values as per your requirement:
I used Angular js for frontend application and for backend i used laravel 5.2, I already install cors origin allowed in my project
because all data transfer very good, but when I upload images using
ajax and base64, then I get this message from my browser:
XMLHttpRequest cannot load http://www.api.panakeias.com/updateTeacherpicprofile/9. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access. The response had HTTP status code 500.
I deployed my two project on digital ocean LEMP Stack Ubuntu 16.04
frontend project is on main domain and backend project is on sub-domain.
Add this code on top of your route.php:
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT');
header("Access-Control-Allow-Headers: Authorization, X-Requested-With, Content-Type, Accept");
I have a PHP file which generates a JSON document.
I've set the header as follows but am still getting an error.
header('Access-Control-Allow-Origin: *');
header('Content-Type: application/json');
Error message:
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://mysubdomain.mydomain.com' is therefore not allowed access.
I've tried explictly allowing mysubdomain.mydomain.com using
header('Access-Control-Allow-Origin: https://mysubdomain.mydomain.com');
But I still get the error.
It doesn't look there is anything wrong with the code that sets the header, but you may want to check if the header is actually being set. Use curl -i http://yourapp to check the response headers being sent to debug it. Alternatively, you can use the network tab in Google Chrome's web inspector, or the Network tool in Firefox's Web Developer tools.
with htaccess file you can try to set :
Header always set Access-Control-Allow-Methods "POST, GET, PUT, OPTIONS, PATCH,DELETE"
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Credentials "true"
Header always set Access-Control-Allow-Headers "content-type,Authorization,Cache-Control,X-Requested-With, X-XSRF-TOKEN"
Or with PHP:
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE');
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Headers: Authorization, Content-Type, x-xsrf-token, x_csrftoken, Cache-Control, X-Requested-With');
Such a situation may arise when an error occurs on the requested page. In this case the error page sets headers, that likely has no Access-Control-Allow-Origin header.