CORS failing even when header present

Question

I am using a CORS request to post data to a php script on a different domain. I am getting the error:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at 'mydomain'(Reason: CORS header 'Access-Control-Allow-Origin' missing).

I have already set the headers in php using the following code.

header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: OPTIONS, GET, POST");

I have also tried the code in this post

This is the javascript code for reference

$.ajax(url, {
    type:"POST",
    dataType:"json",

    data: {
        name:"something"
    },

    success:function(data, textStatus, jqXHR) {
        alert("success");
    },

    error: function(jqXHR, textStatus, errorThrown) {
        alert("failure");
    }
});

Response Headers

Age:1
Cache-Control:max-age=900
Connection:keep-alive
Content-Length:356
Content-Type:text/html; charset=utf-8
Date:Sun, 19 Apr 2015 04:26:27 GMT
Server:Microsoft-IIS/7.5
X-AspNet-Version:4.0.30319
X-Powered-By:ASP.NET

Request Header

Accept:application/json, text/javascript, */*; q=0.01
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Content-Length:14
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
DNT:1
Host:www.jurney.co
Origin:http://isabelinc.in
Pragma:no-cache
Referer:http://isabelinc.in/jurney/testcors.html
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36

But I've had no luck. Any help is appreciated

Could you add the HTTP headers of the queries ? I think you will see an `OPTIONS` request first (that needs CORS headers in the response), *then* the `POST` request (that needs the CORS headers too). — David Duponchel, Apr 18 '15 at 19:03
I've added the headers to the question. I dont see any OPTIONS in the requests only a POST — Isabel Inc, Apr 19 '15 at 04:36
I don't see any CORS headers in the response. When your browser is on isabelinc.in and call jurney.co with an ajax call, jurney.co must add CORS headers to tell the browser that yes, it allows isabelinc.in (or "*") to do that. If you are sure that the `headers("Acess-Control...")` are here, look for PHP warnings saying `Warning: Cannot modify header information - headers already sent`. — David Duponchel, Apr 19 '15 at 06:58
I've checked everything, I cant tell where the issue is. I can't see any errors on the php file. If you go to [link](http://www.jurney.co/cors/cors.php) and inspect the network panel you can see the headers. But you cant see them on the actual request on this link [link](http://isabelinc.in/jurney/testcors.html). I can't understand why it's not sending the headers — Isabel Inc, Apr 19 '15 at 17:33
I don't see the headers when I call the jurney.co link, directly or via the ajax query. I do see a `Server: Microsoft-IIS/7.5` `X-AspNet-Version: 4.0.30319` and `X-Powered-By: ASP.NET` : are you sure this is the right php server ? — David Duponchel, Apr 19 '15 at 18:46
Sorry David. I was changing things around to see if I can get it to work. This is the link [jurney](http://jurny.co/cors/cors.php). It should echo header sent — Isabel Inc, Apr 19 '15 at 19:51

score 0 · Answer 1 · answered Aug 04 '16 at 10:05

Try this:

<?php
    // Allow from any origin
    if (isset($_SERVER['HTTP_ORIGIN'])) {
        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
        header('Access-Control-Allow-Credentials: true');
        header('Access-Control-Max-Age: 86400');    // cache for 1 day
    }

    // Access-Control headers are received during OPTIONS requests
    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
            header("Access-Control-Allow-Methods: GET, POST, OPTIONS");         

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
            header("Access-Control-Allow-Headers:        {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");

        exit(0);
    }

    echo "You have CORS!";
?>

Thanks for the answer. I have no way to test this anymore so I won't really know if it works. I scrapped the idea eventually and used cURL instead. Thank you again for your answer — Isabel Inc, Aug 04 '16 at 11:34

CORS failing even when header present

1 Answers1