how can i solve Access-Control-Allow-Origin problem on Codeigniter? I've tried header('Access-Control-Allow-Origin: *'); etc. But no response still have the problem. Need help about this one. Regards.
My PHP codes: http://codepaste.net/r27eua
My JS codes: http://codepaste.net/ev35me
where do you write the header code? I thing you have to write it on page which will be opened by your request!
This might be an old question, but for sake of people who will bump in here like I did, this is how I solved my CORS puzzle.
If you use apache, make sure you have mod_headers enabled, this is enabled by default, but just to be sure, you can run sudo a2enmod headers in terminal.
Then on your .htaccess file, add the below code.
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept"
</IfModule>
Voila...
Related
I am trying to send some requests from my angular app to my local xampp server, but the requests are blocked due to CORS Policy.
I have already added following line to the httpd.conf file:
Header set Access-Control-Allow-Origin *
I have also added an .htaccess file to my htdocs folder with following content:
Header set Access-Control-Allow-Origin *
I have also added this to my php file:header("Access-Control-Allow-Origin: *"); but this had no impact as well.
My angular app runs on localhost:4200 and the xampp runs on localhost:80
I know allowing every origin is a great security issue, but it is only for testing purpose.
I think you need a few more headers from your server side, namely Access-Control-Allow-Methods and Access-Control-Allow-Headers.
header("Access-Control-Allow-Origin: http://localhost:4200");
header("Access-Control-Allow-Methods: GET,POST,PUT,OPTIONS");
header("Access-Control-Allow-Headers:*");
Try modifying your http.conf like this
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
I am running an angularjs application in my local system apache(http://localhost:8080). Here am trying to hit an API with post method. My API(http://php.mpect.com/demo/login.php) is hosted in godaddy server domain. Its a PHP file. I included
header('Access-Control-Allow-Origin: *');
in my php file, but still am getting
XMLHttpRequest cannot load http://php.mpect.com/demo/login.php.
Response to preflight request doesn't pass access control check:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:8080' is therefore not allowed access.
I am new to php and godaddy server. How can I solve this? Is there any way to include headers in godaddy domain? sorry for my english. Can anyone please provide me solution code to acheive this CORS problem. Thanks in advance.
Add the configuration into your .htaccess file and you will be fine. This will ensure that the important CORS headers will set on any request. Ensure you have enabled mod_headers on apache2.
# Always set these headers.
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
I have a PHP application where I conditionally set the Access-Control-Allow-Origin header. I see the change reflected on my local setup and on the dev environment, but on the live site, the header is set as something else. The other headers that I set along with it keep their values, so it leads me to believe that the Access-Control-Allow-Origin header is being overwritten somewhere else.
I've checked the .htaccess files in my project and the apache virtual host configuration file for possible places the header could be overwritten. It was being set in the virtual host config file, but I commented it out and restarted apache, but the header is still being overwritten.
Is there any other place that I can check to see if the header is being overwritten?
Thanks in advance for your help!
Here is the requested PHP code snippet:
$origin=$front->getRequest()->getHeader('Origin');
if($origin && (preg_match('/http[s]{0,1}:\/\/' . $front->getRequest()->getHttpHost() . '$/', $origin))){
$front->getResponse()->setHeader('Access-Control-Allow-Origin', $origin);
$front->getResponse()->setHeader('Access-Control-Allow-Credentials', 'true');
}else{
//leave current value if there is no match
$front->getResponse()->setHeader('Access-Control-Allow-Origin', '*');
}
I'm pretty sure the header is being overwritten by something else because I can see the Access-Control-Allow-Credentials:true come through as expected, but Access-Control-Allow-Origin has a value of *.
I did some more digging and found this link to do the same in the .htaccess. I ended up adding the following:
SetEnvIf Origin "^http(s)?://(.+\.)?(www.example.com)$" origin_is=$0
Header set Access-Control-Allow-Origin %{origin_is}e env=origin_is
Header set Access-Control-Allow-Credentials true env=origin_is
You can set header from htaccess:
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
Or from PHP:
header("access-control-allow-origin: *");
You can use:
<IfModule mod_headers.c>
<FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css|css)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>
to apply htaccess header for specified files.
I have a subdomain "x.domain.com" which then calls files from the static file subdomain "y.domain.com".
In my config file I have:
require_once("/var/_BACKEND$/functions/cors.php");
This includes the file fine. The contents of "cors.php" is the code contained in the answer for this question:
CORS with php headers (I have tried searching this problem!!)
In the bottom of the config file I also have the code:
if(!function_exists('cors')) die("err"); else cors();
Now for some reason, despite the code being exactly as it is above, and the file including fine, I am still receiving the following error from the Browser:
XMLHttpRequest cannot load
http://y.domain.com/scripts/ajax.php. No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://x.domain.com' is therefore not allowed
access.
Using a header checker also brings the following results:
The 302 is intentional.
This all appears as it should
You can't do that.
Access-Control-Allow-Origin must be present on the actual resource that access is being allowed to, not just a redirect. (Otherwise, you could bypass security restrictions by sending this header on a redirect to anything you wanted!)
Did you tried to use that by .htaccess ?
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
Enable a2enmod headers
or modify your php script and replace * (asterisk) with x-requested-with
I tried since 5 days to configure correctly CORS to solve the error :
So I tried to add :
header('Access-Control-Allow-Origin: *');
On my webservice (on the same server but different domain name), I got this error :
Request header field Authorization is not allowed by Access-Control-Allow-Headers
Then I tried to add :
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
To a .htaccess file that I created.
But still doesn't work.
Any idea ?
Thanks a lot in advance.
You must include an Access-Control-Allow-Headers header in your response with the proper acceptable header names, just as the error message suggests. It sounds like you do not know how to properly handle CORS requests. Please read this document on MDN, which explains how to handle CORS requests. This will answer all of your questions.