3

I have just moved my application to a production server and am getting an error when I try to access the page using "www". When I try to load my page as "http://example.com" it loads the page and content properly, and when I try to access the page like "www.example.com" all my ajax calls give errors like:

XMLHttpRequest cannot load http://example.com/dashboard/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.example.com' is therefore not allowed access.

I am using PHP with angular.

Suresh Kamrushi
  • [Refer This question. Cross domain ajax request ](http://stackoverflow.com/questions/15477527/cross-domain-ajax-request) – Prashant Gurav Apr 29 '16 at 07:08
  • You have to add `Access-Control-Allow-Origin` Header at server side. – Ankit Pundhir Apr 29 '16 at 07:08
  • But I am not requesting a different domain. Why is my ajax request being treated as a different domain (www in URL)? – Suresh Kamrushi Apr 29 '16 at 07:14
  • 1
    Yes, www is a subdomain kind of actually, so example.com and www.example.com are two different things, people usually alias them to the same thing –  Apr 29 '16 at 07:25

4 Answers

1

Is your website served with www and without it the same way? If not, maybe you could add a rewrite rule to htaccess so the versions with www and without it would both be served the same way? In such a case you should not get a cross-domain error.

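```
# Redirect the bare hostname to www so the site is served from one origin
RewriteEngine On
# Dot escaped so it matches a literal "."; NC makes the host match case-insensitive
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule (.*) http://www.example.com/$1 [R=301,L]
```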
Nick Surmanidze
0

This issue is occurring because you have not set the access control origin on your server side. You can solve this issue by setting it at the server end:

```
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Headers: *");
```
Nitheesh
  • `Access-Control-Allow-Headers` doesn't support wildcard characters, refer to documentation! You have to manually add all the headers you want client to allow by yourself –  Apr 29 '16 at 07:15
0

When you make a request from the browser, the browser does a prefetch (sometimes it doesn't); in either case, it checks if Access-Control-Allow-Origin actually allows your client's site to make a request to a different domain (web security stuff). If that doesn't match where you are sending the request from, the browser blocks the request and doesn't send it.

To make the request, you will need to edit the server side (in PHP); you should allow that domain, and it also supports wildcards:

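```
<?php
// The value must be a full origin (scheme and host), as the browser sends it in the Origin header
header("Access-Control-Allow-Origin: http://www.example.com");
?>
```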

Now you can start making requests from anywhere. You can also limit the requests to a specific domain so that only one domain can send you requests, like:

```
// Full origin, including the scheme
header("Access-Control-Allow-Origin: http://example.com");
```

0

This is to be expected. The Same Origin Policy states:

Two pages have the same origin if the protocol, port (if one is specified), and host are the same for both pages.

www.example.com and example.com are different hostnames, so you are crossing origins.

While the colloquialism is to refer to cross-domain requests, it is cross-origin requests that are significant; cross-domain requests are only a subset of those.

Don't host your site on multiple hostnames, pick one and stick to it. (You'll probably want to set up a redirect from the other one to it).

Using relative instead of absolute URIs would also reduce the possibility of this kind of mistake.

Quentin
  • If I make a redirect from www.example.com to example.com then it will work with ajax calls? – Suresh Kamrushi Apr 29 '16 at 08:27
  • @SureshKamrushi — If you redirect from www.example.com to example.com then the origin of the request will be example.com. Since you are making the request to example.com, they will have the same origin so the same origin policy won't block the JS from reading the response. – Quentin Apr 29 '16 at 08:28
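
The origin comparison discussed in the answers above, written out as an added example (not code from any of the posters): `sameOrigin` compares scheme, host and port, and shows why a relative URL stays same-origin on either hostname. `allowOriginHeader` is a hypothetical server-side helper for sites that must keep both hostnames, and the page URLs and allowlist are constructed.

```javascript
// Added example. Page URLs and the allowlist are constructed for illustration.
const PAGE_WWW = "http://www.example.com/app/";
const PAGE_BARE = "http://example.com/app/";
const ALLOWED = ["http://example.com", "http://www.example.com"];

// (scheme, host, port) of a URL; relative URLs resolve against the page.
// URL() lowercases the host and reports a scheme's default port as "".
function originTuple(url, pageUrl) {
  const u = new URL(url, pageUrl);
  return [u.protocol, u.hostname, u.port];
}

// True when an XHR to requestUrl from pageUrl stays within one origin.
function sameOrigin(requestUrl, pageUrl) {
  const req = originTuple(requestUrl, pageUrl);
  const page = originTuple(pageUrl);
  return req.every((part, i) => part === page[i]);
}

// Hypothetical server-side helper: value for Access-Control-Allow-Origin,
// or null to send no header. Exact match only, never prefix or substring.
function allowOriginHeader(requestOrigin, allowlist) {
  let parsed;
  try {
    parsed = new URL(String(requestOrigin));
  } catch {
    return null; // missing or unparsable Origin header
  }
  // A real Origin header is exactly scheme://host[:port], with no path.
  if (parsed.origin !== requestOrigin) return null;
  return allowlist.includes(parsed.origin) ? parsed.origin : null;
}

console.log(sameOrigin("http://example.com/dashboard/", PAGE_WWW)); // absolute URL, www page
console.log(sameOrigin("/dashboard/", PAGE_WWW));                   // relative URL, www page
console.log(allowOriginHeader("http://www.example.com", ALLOWED));
```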