Access-Control-Allow-Origin htaccess file not working

Question

I am trying to enable HTTP access control (CORS) on a site using a .htaccess file with the following code:

Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Origin "Content-Type"
Header set Access-Control-Allow-Methods: "GET"

But I keep getting the error

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at [DOMAINNAME] (Reason: CORS header 'Access-Control-Allow-Origin' does not match 'Content-Type').

What am I doing wrong? Every tutorial I've found seems to suggest it should work.

-edit- In Chrome the debug tools give me this additional info:

Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains the invalid value 'Content-Type'.

Look [here](http://stackoverflow.com/questions/24371734/firefox-cors-request-giving-cross-origin-request-blocked-despite-headers). Seems to be a security certificate issue. — Joe, Jul 12 '16 at 13:42

score 11 · Accepted Answer · answered Jul 12 '16 at 14:41

11

Try with:

Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "Content-Type"
Header set Access-Control-Allow-Methods "GET"

answered Jul 12 '16 at 14:41

Croises

18,570
4
30
47

3

@thickguru Changing the second line from Access-Control-Allow-Origin to Access-Control-Allow-Headers – evilscary Jul 12 '16 at 14:51
1

Success! Thanks so much. – evilscary Jul 12 '16 at 14:51
Ah, everything just blurred into one! My mistake. – Joe Jul 12 '16 at 14:51

Access-Control-Allow-Origin htaccess file not working

1 Answers1

Linked