A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin'

Asked May 20 '14 at 10:13

Active May 20 '14 at 10:17

Viewed 294 times

I have websites on a lot of servers. But on every server, I use one website to cross domain requests with ajax. In php file, where is allowed acces I have this:

header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
header('Access-Control-Max-Age: 1000');
header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');

In Javascript I have something like this:

$.getJSON('http://example.com/request.php?check=' + request, function(data) {
...

On servers, it works fine, but when I am on localhost, I get this in my console:

XMLHttpRequest cannot load [request]. A wildcard '*' cannot be used in the 
'Access-Control-Allow-Origin' header when the credentials flag is true. 
Origin 'http://localhost:8102' is therefore not allowed access.

asked May 20 '14 at 10:13

Patrik Krehák

2,595
8
32
62

If you know what you're doing, you could put the requesting domain in the header by parsing `$_SERVER['REFERER']` ... – gherkins May 20 '14 at 10:21
Sorry, but `$_SERVER['REFERER']` is `undefined` on web. – Patrik Krehák May 20 '14 at 12:14

A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin'

0 Answers0