I want to access content of site A, from site B. So, I config the Access-Control-Allow-Origin of site B to wildcard (*). However, after the configuration I will got cross-origin exception. Then, I try to curl the site A url, and get this result:
access-control-allow-headers: *
access-control-allow-origin: *
So, I am not sure is it because the keyword Access-Control-Allow-Origin is case sensitive?
I tried to search around, cannot find any doc specify that it must be camel case.
Updated:
Let me explain what really happens to me:
I have site B (https://siteB.com) which has a iframe with src="https://siteA.com".
On site B, I have a script to get dynamic height for that iframe:
function showPageDialog(url, id, title, onCloseDialog) { var iframe = $('<iframe/>', {'class': 'frame', 'src': url}).load(function(){ setTimeout(function() { $(iframe).height($(iframe).contents().height()); }, 100); }); showDialog(iframe, id, title, onCloseDialog); }
This function got exception when access $(iframe).contents(), the exception detail as follow:
Uncaught DOMException: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "https://siteB.com" from accessing a cross-origin frame.
Here is the curl result:
HTTP/1.1 200 OK
Server: Apache
ETag: "f8daec99fedb6b0cd0d205598167cf11:1477550373"
Last-Modified: Thu, 27 Oct 2016 06:39:33 GMT
Accept-Ranges: bytes
Content-Length: 44152
Content-Type: text/html
Date: Mon, 31 Oct 2016 09:14:19 GMT
Connection: keep-alive
access-control-allow-headers: *
access-control-allow-origin: *
As mentioned in @duskwuff's answer, I alr had Access-Control-Allow-* in the response header from siteA. But still get exception.
