Firefox does not accept Access-Control-Allow-Origin: *

Question

I want to allow access to all origins on my server, but my AJAX requests from http://localhost:8100/ in Firefox keep being rejected.

header("Access-Control-Allow-Origin: *"); // allow the use of requests in development (ionic serve in web browser).
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
header("Access-Control-Max-Age", "3600");
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization");;

"Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://my-domain.com/userLogin. (Reason: CORS header 'Access-Control-Allow-Origin' does not match '*')."

Firefox seems NOT to understand that the "*" character as a "wildcard" origin (and not to be taken literally as the origin). If I change the header as below, this works perfectly.

header("Access-Control-Allow-Origin: http://localhost:8100");

Any idea why Firefox won't accept the "*"?

Appears "*" is deemed a security risk, see http://stackoverflow.com/questions/12001269/what-are-the-security-risks-of-setting-access-control-allow-origin — rogerdpack, Apr 14 '17 at 19:03

score -1 · Answer 1 · answered Oct 08 '16 at 19:05

-1

In the case you just want YOUR firefox to enable CORS :
https://addons.mozilla.org/fr/firefox/addon/cors-everywhere/

answered Oct 08 '16 at 19:05

Antoine Martin

1,903
2
16
28

Firefox does not accept Access-Control-Allow-Origin: *

1 Answers1

Linked