0

Update: For some reason the server side script had Unicode characters and when I saved it through notepad it switched it to ANSII and worked fine. I'm not sure how the Unicode stuff got in there but now it's working. Hopefully this post will help someone (most likely me) in the future.

I'm getting the CORS error despite the fact that I have the correct headers in place. This was working as of a month ago and nothing has been changed on my server or client side code.

Server Side

<?php
header('Access-Control-Allow-Origin: https://mywebsite.com');  
header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, Content-Range, Content-Disposition, Content-Description');
header('Access-Control-Allow-Credentials: true');

Client Side error

XMLHttpRequest cannot load https://serverside.com/serversidecode.php. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://mywebsite.com' is therefore not allowed access.

The server side code runs completely through but will not send back success data to my client side server.

cyclops1101
  • 422
  • 3
  • 8

1 Answers1

0

This might be able to help you CORS with php headers

"Handling CORS requests properly is a tad more involved. Here is a function that will respond more fully (and properly)."

**
 *  An example CORS-compliant method.  It will allow any GET, POST, or OPTIONS requests from any
 *  origin.
 *
 *  In a production environment, you probably want to be more restrictive, but this gives you
 *  the general idea of what is involved.  For the nitty-gritty low-down, read:
 *
 *  - https://developer.mozilla.org/en/HTTP_access_control
 *  - http://www.w3.org/TR/cors/
 *
 */
function cors() {

    // Allow from any origin
    if (isset($_SERVER['HTTP_ORIGIN'])) {
        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
        header('Access-Control-Allow-Credentials: true');
        header('Access-Control-Max-Age: 86400');    // cache for 1 day
    }

    // Access-Control headers are received during OPTIONS requests
    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
            header("Access-Control-Allow-Methods: GET, POST, OPTIONS");         

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
            header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");

        exit(0);
    }

    echo "You have CORS!";
}
Community
  • 1
  • 1
rizzy
  • 162
  • 1
  • 9