2

I am using loadGeoJson to try and load data across domains. I am aware that I need to implement CORS to provide the necessary permission. The response header needs to include the following declaration:

Access-Control-Allow-Origin: *

I have modified the apache2.conf file in /etc/apache2 and added the following:

<ifModule mod_headers.c>
   Header set Access-Control-Allow-Origin: *
</ifModule>

When I load my page containing the cross domain script in Firefox, everything works fine and I can see that the Access-Control-Allow-Origin has been set:

Firefox

The problem arises when I load the same page in Chrome where I continue to receive the following error:

No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://results.ptax.ca' is therefore not allowed access.

How can the same page work perfectly in Firefox, but throw an error in Chrome? Any ideas what I might be doing wrong?

TylerH
  • 20,799
  • 66
  • 75
  • 101
DanielAttard
  • 3,467
  • 9
  • 55
  • 104
  • Can you provide a screenshot of what the request and response headers look like in Chrome (similar to what you did in JavaScript)? Also, can you recreate the CORS request using curl: http://stackoverflow.com/questions/12173990/how-can-you-debug-a-cors-request-with-curl – monsur Jun 06 '14 at 02:16
  • 1
    Hi @monsur, I am using CodeIgniter, and for some reason I configured a Base Site URL, even though doing so is optional. Once I removed this particular configuration setting, I stopped getting the error for `Access-Control-Allow-Origin`. – DanielAttard Jun 06 '14 at 04:26
  • That is good to know. I'm curious, what does the code to set the Base Site URL look like? – monsur Jun 06 '14 at 04:33
  • The setting in CodeIgniter is in /application/config/config.php and this is it: ` $config['base_url'] = 'http://www.mydomain.ca/'` – DanielAttard Jun 06 '14 at 04:55

1 Answers1

-2

Chrome sometimes rejects wildcard CORS (*). This happens for example if you are using the withCredentials option.

Set the actual domain (including protocol and [if neccessary] port like https://example.com:8008) in your CORS config.

z3rone
  • 176
  • 14