3

It's the very famous browser error. I know it has been discussed a lot but I've noticed is a very generic error so I want to present my problem.

I am making simple requests (get,post) on a server where I have access. My browsers (chrome, firefox) give me Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at url (Reason: CORS header 'Access-Control-Allow-Origin' does not match 'null'). error.

When I use some of (hacking)plugins I get the responses fine.

What I've tried is to add on my back-end (on server):

header('Access-Control-Allow-Origin: *');

in index.php file with no luck. Any other ideas ?

korteee
  • 2,640
  • 2
  • 18
  • 24

5 Answers5

6

Try adding

header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: PUT, GET, POST");
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept");
ddepablo
  • 677
  • 1
  • 5
  • 16
  • No luck... Am I missing something as regards the file where I should put the headers ? – korteee Mar 31 '16 at 12:33
  • Just add to your main php file – ddepablo Mar 31 '16 at 12:41
  • that's the index.php file – korteee Mar 31 '16 at 12:58
  • I've had this problem as well. The way I solve it is to have your request made to a file "in" your own domain, and in turn, that file does a `curl` request (in PHP) to the site/page/server that you need data from. – Adam T Mar 31 '16 at 13:35
  • If you are making this request via AJAX from an HTML or PHP page, you would likely be calling the cross-domain URL directly. -- Now my approach, you create a new php file (call it `fetch.php` if you like). The AJAX url will now be "fetch.php". On the page `fetch.php` you instantiate a `curl` request to the cross-domain URL you were trying to reach. PHP Curl requests are typically not blocked the same way as AJAX requests in terms of cross-domain. – Adam T Mar 31 '16 at 18:12
1

I have solved this issue.

  1. In your config.php add www pre in your domain.com exa.

// HTTP

define('HTTP_SERVER', 'http://domain name with www/');

// HTTPS

define('HTTPS_SERVER', 'http://domain name with www/');

  1. Add you htaccess file

    RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ $1 [R=200,L]

tousif
  • 749
  • 2
  • 12
  • 31
Dharmendra Manikpuri
  • 31
  • 1
  • 1
  • 2
0

There are several ways to do this. One way is the javascript way, which requires a callback and one example can be found here: Loading cross domain html page with AJAX

Another way is to utilize PHP's curl functionality. Of course there are many ways to do this, but one method that works well for me is to:

  • Create a standalone php page (can call it "fetch.php" if you like) that has 1 job. That job is to make a curl request to a given URL (your cross-domain url in this case) and echo the data that it gets from the remote site.
  • Change the AJAX URL from the cross-domain URL to the name of file created in previous step.
  • AJAX then knows it's making an HTTP request to a location inside its current domain even though it's getting its data from a cross-domain location.

Hope this helps, Adam

Community
  • 1
  • 1
Adam T
  • 675
  • 8
  • 22
0

You can whitelist the blocked URL like:

script-src 'unsafe-inline' https: 'nonce-abcdefg' 'strict-dynamic'

Dharmendra Manikpuri
  • 31
  • 1
  • 1
  • 2
-2

I tried adding a chrome plugin "Allow-Control-Allow-Origin" after several tries with server side changes. Everything worked fine.

Stackhelper
  • 53
  • 3