4

My application(A) needs to upload files by AJAX (Fineuploader library) to my subdomain(B) (physically other server).

What is my solution: set headers on B to allow requests from A. See this code of controller action:

public function imageAction()
{
    $this->_response->setHeader('Access-Control-Allow-Origin', 'http://' . Zend_Registry::get('config')->main_server->path);
    $this->_response->setHeader('Access-Control-Allow-Headers', 'Content-Type, Content-Range, Content-Disposition, Content-Description');

    $this->_helper->json(array('test'));
}

Then I try to call this action by ajax from A. Request has the next headers:

Request URL:http://sub.domain.dev/upload/image
Request Method:OPTIONS
Status Code:403 Forbidden
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:access-control-allow-origin, x-mime-type, origin, x-requested-with, cache-control, x-file-name, content-type
Access-Control-Request-Method:POST
Connection:keep-alive
Host:sub.domain.dev
Origin:http://domain.dev
Referer:http://domain.dev

What I have done wrong? Thanks.

P.S. When I send request with these headers:

Accept:application/json, text/javascript, */*; q=0.01
Accept-Encoding:gzip,deflate,sdch
Accept-Language:ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control:no-cache
Connection:keep-alive
Content-Length:0
Host:sub.domain.dev
Origin:http://domain.dev
Pragma:no-cache
Referer:http://domain.dev

Tho I think that problem in headers, sended by server.

Alex Pliutau
  • 21,392
  • 27
  • 113
  • 143
  • crossdomain ajax? Have you heard of SOP? – Robert Jul 08 '13 at 10:36
  • Does this help? http://stackoverflow.com/questions/13609296/zend-framework-2-ajax-request-from-other-server – Jon Jul 08 '13 at 10:43
  • @Robert, sure, crossdomain ajax. Maybe you can help me? Its possible. But I have a War with these headers. – Alex Pliutau Jul 08 '13 at 10:53
  • @Jon, thanks. I have setted these headers. But no luck: 403 Forbidden. – Alex Pliutau Jul 08 '13 at 10:54
  • @plutov can you confirm you definitely don't get the 403 when making the request from a page on subdomain B? Given that the Origin headers are being set correctly it's worth making sure that the server isn't rejecting the request for a different reason (like the Request Method for example). – Jon Jul 08 '13 at 11:23
  • @Jon, yes. When I call this page from owner domain, I have correct headers. – Alex Pliutau Jul 08 '13 at 12:55
  • 1
    I have found the reason. Apache return 403 access forbiden for OPTIONS method. How can I fix it? – Alex Pliutau Jul 08 '13 at 14:06
  • @plutov Have a look at this: http://stackoverflow.com/questions/2934554/how-to-enable-and-use-http-put-and-delete-with-apache2-and-php – Jon Jul 08 '13 at 14:48
  • @Jon, thanks. I've found an answer. Noew i use CORS with new version of FineUploader. Thanks! – Alex Pliutau Jul 08 '13 at 16:13
  • @plutov Great, please can you answer your own question and mark it as accepted? Thanks! – Jon Jul 09 '13 at 08:54

1 Answers1

0

Did you try to use this jquery plugin jQuery-File-Upload ?

Document page about cross-domain uploads.

Bastien D
  • 1,395
  • 2
  • 14
  • 26