0

Recently I tried header('Access-Control-Allow-Origin: *'); to post to other domain and it was working fine. This is the whole code and still working fine.

<?php
 header('Access-Control-Allow-Origin: *');
header("X-XSS-Protection: 0");
echo $_POST["roll"];
echo $_POST["id"];
echo $_POST["email"];
?>

However, when I use it in sending emails, I'm getting Access-Control-Allow-Origin error again. This is the whole code :

<?php
 header('Access-Control-Allow-Origin: *');
header("X-XSS-Protection: 0");
echo $_POST["roll"];
echo $_POST["id"];
echo $_POST["email"];

$subject = 'Reset Password - ITM Exodia';
$toEmail = '$_POST["email"]';
$message = 'Reset Password - ITM Exodia';          
$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= "From: ITM Exodia" . "\r\n";


$to=$toEmail;
$subject=$subject;
$from="Exodia@zarainforise.com"; 
$headers = "MIME-Version: 1.0\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\n";
$headers .= "From: <".$from.">\n";
$headers .= "X-Priority: 1\n";
$message='<a href="http://localhost/exodia/reset.php?q=$_POST['id']" >Reset Password</a>';
$message .= "<br/>Regards $_POST['id']<br />saurav";


if (mail($to, $subject, $message, $headers )) {
  $data['msg']="Message send successfully";
} 
else {
  $data['msg']="Please try again, Message could not be sent!";
}  
?>

With this code the data is not even posted and it gives Access-Control-Allow-Origin error. Where did I go wrong ?

Tom Cruise
  • 69
  • 1
  • 11

1 Answers1

0

If you're using passwords in requests you should also add: 'Access-Control-Allow-Credentials: true' header line

Alex Slipknot
  • 2,439
  • 1
  • 18
  • 26