0

Using PHP and HTML5 to upload cross domain XHR, I cannot seem to get my domain allowed at the target host.

The accepting PHP script uses the following headers:

<?php 
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Headers: *");
?>

Still, when uploading from server A to B, Chrome tells me " Origin http://www.domain.com is not allowed by Access-Control-Allow-Origin. " (I've replaced the actual domain with domain.com).

I've read through numerous threads here on Stack for the past 4 hours, still no solution.

Thank you in advance.

Rasmus
  • 3
  • 1
  • 3
  • To be clear, you have an ajax request on site1.com that tries to post a resource to site2.com, and site2.com has these headers in its response? I just want to make sure I am reading correctly. – 000 Jun 29 '13 at 18:44
  • 1
    * not acceptable for Allow-Headers, http://stackoverflow.com/questions/8719276/cors-with-php-headers – Patrick Evans Jun 29 '13 at 18:46
  • Sorry for being unclear: I want to upload a file from site A to site B using xhr.upload to transfer it. I tried replacing Allow-Headers: * with Allow-Headers: http://domain.com - still same problem :/ – Rasmus Jun 29 '13 at 18:52
  • Figured it out. Apparently, in PHP, header("Access-Control-Allow-Headers: *"); is not allowed. I resolved it by putting header("Access-Control-Allow-Headers: Cache-Control, X-CSRF-Token, X-Requested-With, X-File-Name, X-File-Size"); instead. Hopefully, I'll be able to save someone else 4 hrs of suicidal tendencies. – Rasmus Jun 29 '13 at 19:03
  • 1
    If you've answered your own question please post an answer (you can do that) and accept it. You'll get the kudos and it'll save others having to read all the comments to find the solution :) –  Jun 30 '13 at 02:32

0 Answers0