Same-origin policy

Question

I'm getting this error while calling javascipt:

XMLHttpRequest cannot load https://sub.domain.com/actions/action1.php. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.domain.com' is therefore not allowed access.

Javascript is placed here: https://www.domain.com/page.php
Javascript do job through: https://sub.domain.com/actions/action1.php (requested resource)

I have found the easiest way how to solve this problem (same-origin policy):

<script type="text/javascript">
document.domain = 'domain.com';
</script>

But this isn't solving my problem. I have also tried to add this piece of code to both pages, but still nothing.

Any simple suggestions how to solve it?

[Enable CORS](http://enable-cors.org/) in the ``domain.com`` or you need to proxy all the XHR request — Sarbbottam, Jul 20 '14 at 19:19

score 2 · Accepted Answer · edited May 23 '17 at 12:13

2

As stated in the error, you will need to add the Access-Control-Allow-Origin to the headers of the response, or use a different method such as JSONP. This is a JavaScript security feature to prevent cross site scripting and cannot be circumvented.

edited May 23 '17 at 12:13

Community

1
1

answered Jul 20 '14 at 19:18

doublesharp

26,888
6
52
73

Thank you, this code in .htaccess solved my problem - `Header set Access-Control-Allow-Origin "%{HTTP_ORIGIN}e" env=HTTP_ORIGIN` – user2406937 Jul 20 '14 at 19:40
But I would like to know if it is necessary to add this code only in .htaccess placed in subdomain folder, in main folder, or both? – user2406937 Jul 20 '14 at 19:55

Same-origin policy

1 Answers1