4

I have ready many of the other posts ppl have asked here about the origin not allowed blablabla,

Now I have tried to add --Access-Control-Allow-Origin and enable apps and even disabled security but every time I try my button on the php page it just keeps stating

Origin null is not allowed by Access-Control-Allow-Origin.

Can anyone help me at all? Here is the code that is causing the problem

page.php

<html land="en">
<head>
    <meta carset="utf-8">
    <link rel="stylesheet" type="text/css" href="style.css";
</head>

<body>
<!-- Document Ready Event -->
<input id="text" type="text" /><input id="submit" type="button" value="Submit" />

<div id="feedback"></div>
    <script src="../jquery-1.10.2.min.js"></script>
    <script src="script.js"></script>
</body>
</html>

Script.js

$('#submit').click( function()
{
var text = $('#text').val();

$.get( 'PHP/reverse.php', { input: text }, function( data )
    {
        $('#feedback').text( data );
    });
});
Canvas
  • 5,779
  • 9
  • 55
  • 98
  • Do you run PHP on MS IIS web-server ? – BlitZ Sep 22 '13 at 15:00
  • No I run all the scripts from my LOCAL machine – Canvas Sep 22 '13 at 15:02
  • @Canvas — What HTTP server software are you running on your local machine? – Quentin Sep 22 '13 at 18:08
  • I am using XAMPP and i have placed my PHP file in C:\xampp\htdocs\amit\reverse.php I also have a text.php which add numbers as a whole html + php file in one and that works, but i really want to get this one to work – Canvas Sep 22 '13 at 18:11
  • What URL is displayed in your browser address bar when you test this? – Quentin Sep 22 '13 at 18:13
  • Well my HTML page address is file:///C:/Users/Canvas/Documents/Important/Learning/Jquery/TuT97-98/GetHTTPRequest.php – Canvas Sep 22 '13 at 18:18

3 Answers3

5

Origin null is not allowed by Access-Control-Allow-Origin means that you are trying to perform Ajax on a local file. This is forbidden for security reasons. Even if this was not the case, your PHP wouldn't run because PHP is supported by web servers, not web browsers.

You have a web server installed. You have to request your pages through the server, rather than accessing them directly from your file system.

Use a URL starting with http://localhost/

You will need to move your files so that they are under the server's DocumentRoot (or reconfigure the server so that it can access them from their present location).

Royce Williams
  • 1,487
  • 15
  • 24
Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • Previously, you said you were using `file:///C:/Users/Canvas/Documents/Important/Learning/Jquery/TuT97-98/GetHTTPRequ‌​est.php`. You need to access the webpage over HTTP. Your code also said `'PHP/reverse.php'` which is a relative URI, so wouldn't map to `localhost` given the `file://` URL. – Quentin Sep 22 '13 at 19:16
  • If you were using an HTTP URI then you wouldn't get a complaint mentioning *origin null* because your origin wouldn't be *null* – Quentin Sep 22 '13 at 19:19
  • 1
    Origin will be set to null on a 302 as a security measure specifically in HTTP URIs. If you request resource A and that redirects you to Resource B then the browser sets the Origin to null to prevent leaking info about the original request e.g. there could be sensitive data in the url when requesting Resource A. – rism Aug 18 '16 at 01:44
3

I'm not sure which browser you are testing for. In my case, it works for all my browsers if I sent AJAX calls from local file, which means the Origin is null. I guess the reason you can not get it work is that some server side coding are needed.

Try this, add the Access-Control-Allow-Origin header to the HTTP response and set the value to *. I'm not sure how to do this in PHP, but here's a piece of Java code for your information.

response.setHeader("Access-Control-Allow-Origin", "*")

rene
  • 41,474
  • 78
  • 114
  • 152
Aaron
  • 573
  • 1
  • 5
  • 15
-1

There is this chrome plugin allows to request any site with ajax from any source. Adds to response 'Allow-Control-Allow-Origin: *' header

https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi/related

It worked for me without needing to change anything on the server side. But you should change withCredentials: false in the request, if it conforms with your tests.

shamaleyte
  • 1,882
  • 3
  • 21
  • 38
  • 1
    This is incredibly unsafe - it allows any website to send requests *as you* to anywhere they like ( see https://stackoverflow.com/questions/7564832/how-to-bypass-access-control-allow-origin/17098221#17098221 ) – DaveMongoose Sep 21 '17 at 14:39