How to use Access-Control-Allow-Origin: https://www.example.com?

Question

I want to make HTTPS calls from an HTTP webpage. I hope to solve this problem with Access-Control-Allow-Origin. How can I use it?

Search before asking... http://stackoverflow.com/a/6120260/1626399 — bobthyasian, Dec 13 '12 at 10:25
The HTTPS server needs to send it's [access control _Allow-Origin_ and _Credentials_](https://developer.mozilla.org/en/docs/HTTP_access_control) headers which permit the origin of the ajax call. — Paul S., Dec 13 '12 at 10:56

score 10 · Answer 1 · answered Apr 28 '13 at 20:07

On the HTTPS page (that you are requesting from the HTTP page) set the header:

Access-Control-Allow-Origin: http://www.example.com

You can do this in PHP with:

<?php
    header("Access-Control-Allow-Origin: http://www.requesting-page.com");
?>

Alternatively if that doesn't work, you could create a file on your HTTP server (where the request is coming from) that downloads and displays the contents, this can be done in PHP with:

<?php
    echo  file_get_contents("https://www.requested-page.com");
?>

I would not advise doing this as it requires extra bandwidth and isn't good practice, it should only be used if you can't do the first option. Furthermore, if a developer has set the access control to be restricted it's probably for a reason.

score 1 · Answer 2 · edited May 23 '17 at 11:46

1

You can't, really. It's the browser preventing it. Security reasons. You can look into cURL. Read this posting: https-request-via-ajax-from-http-page

edited May 23 '17 at 11:46

Community

1
1

answered Dec 13 '12 at 10:45

bobthyasian

933
5
17

How to use Access-Control-Allow-Origin: https://www.example.com?

2 Answers2

Linked