0

I have been losing a lot of time trying to redirect from my AMP page to another pages. When a form is submited, a php file is called by xhr-action sending data with POST. This php file sets a new location to redirect the page to another one. The code i have in the php file to redirect is the next:

<?php 
header("Content-type: application/json");
header("Access-Control-Allow-Credentials: true");
header("Access-Control-Allow-Origin: https://www.dominio.com/amp/*");
header("AMP-Access-Control-Allow-Source-Origin: https://www.dominio.com");
header("Access-Control-Expose-Headers: AMP-Access-Control-Allow-Source-Origin");
$especi=$_POST["especialidad"];
$paises=$_POST["ES"];
$paismx=$_POST["MX"];
$paispr=$_POST["PR"];
$paiscl=$_POST["CL"];
$paisco=$_POST["CO"];
$paisar=$_POST["AR"];
if(isset($paises)){
    $urlbase="https://www.dominio.es/p/";
    $pais="ES";
    $provin=$paises;
    $pobla=0; //$_POST["zn2"];
}
/*
else if(isset($paismx)){
    $urlbase="https://www.dominio.mx/p/";
    $pais="MX";
    $provin=$paismx;
    $pobla=$_POST["zn2"];
}
else if(isset($paispr)){
    $urlbase="https://www.dominio.com/p/";
    $pais="PR";
    $provin=$paispr;
    $pobla=$_POST["zn2"];
}
else if(isset($paiscl)){
    $urlbase="https://www.dominio.cl/p/";
    $pais="CL";
    $provin=$paiscl;
    $pobla=$_POST["zn2"];
}
else if(isset($paisco)){
    $urlbase="https://www.dominio.co/p/";
    $pais="CO";
    $provin=$paisco;
    $pobla=$_POST["zn2"];
}
else if(isset($paisar)){
    $urlbase="https://www.dominio.com.ar/p/";
    $pais="AR";
    $provin=$paisar;
    $pobla=$_POST["zn2"];
}*/


$queryespe="SELECT * FROM tx WHERE Id='$especi'";
$resultespe = mysqli_query($link,$queryespe);
$fila = mysqli_fetch_array($resultespe);
$especialidad=$fila['Keyword'];
$especialidad=reemplazargui($especialidad);
$especialidad=reemplazarac($especialidad);
if($pobla!=0){
    $querypo="SELECT * FROM ts WHERE Id='$pobla'";
    $resultpo = mysqli_query($link,$querypo);
    $filapo = mysqli_fetch_array($resultpo);
    $poblacion=reemplazargui($filapo['Keyword']);
    $ulr=$urlbase.$especialidad."/".reemplazarac($poblacion)."/";
    mysqli_close($link);
    header ("Location: $ulr");
    die();
}else{
    $querypo="SELECT * FROM tx_2 WHERE Id='$provin'";
    $resultpo = mysqli_query($link,$querypo);
    $filapo = mysqli_fetch_array($resultpo);
    $poblacion=reemplazargui($filapo['Keyword']);
    $ulr=$urlbase.$especialidad."/".reemplazarac($poblacion)."/";
    mysqli_close($link);
    $ulr = html_entity_decode($ulr);
    header ("Location: $ulr");
    die();
    }

?>

The process arrives to the entity_decode correctly and the url (ulr) i put inside header is correct. The response i get from chrome network analysis is the next (i do not understand why exists two initiators for the same url that, in addition, is not working). Error Log:

Fetch API cannot load https://www.dominio.com/amp/include/listado.php?__amp_source_origin=http%3A%2F%2Fwww.dominio.com. Redirect from 'https://www.dominio.com/amp/include/listado.php?__amp_source_origin=http%3A%2F%2Fwww.dominio.com' to 'https://www.dominio.es/m/Alergologo/Albacete-Provincia/' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://www.dominio.com/amp/*' that is not equal to the supplied origin. Origin 'http://www.dominio.com' is therefore not allowed access. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Fetch failed https://www.dominio.com/amp/include/listado.php?__amp_source_origin=http%3A%2F%2Fwww.dominio.com : Failed to fetch

Uncaught Error: Form submission failed:: Fetch failed https://www.dominio.com/amp/include/listado.php?__amp_source_origin=http%3A%2F%2Fwww.dominio.com: Failed to fetch​​​ reported at na.f.assert (log.js:295) at xhr-impl.js:164

So, i need to redirect to another page calling from AMP page to the php file i am showing, which must redirect to final page. The redirecting is not working with this code.

Edit: The problem could be the CORS policy, but i have added this lines to htaccess file and keeps without working.

<IfModule mod_headers.c>
    <FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css|css)$">
        Header set Access-Control-Allow-Origin "*"
    </FilesMatch>
</IfModule>

Edit 2: Modified headers: 

ob_start();
header("Content-type: application/json");
header("Access-Control-Allow-Credentials: true");
header("Access-Control-Allow-Origin: https://www.dominio.com/amp/*");
header("AMP-Access-Control-Allow-Source-Origin: https://www.dominio.com/amp/*");
header("Access-Control-Expose-Headers: AMP-Access-Control-Allow-Source-Origin");

Errors:

Fetch API cannot load https://www.dominio.com/amp/include/listado.php?__amp_source_origin=http%3A%2F%2Fwww.dominio.com. Redirect from 'https://www.dominio.com/amp/include/listado.php?__amp_source_origin=http%3A%2F%2Fwww.dominio.com' to 'https://www.dominio2.es/m/Alergologo/Alicante-Provincia/' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://www.dominio.com/amp/*' that is not equal to the supplied origin. Origin 'http://www.dominio.com' is therefore not allowed access. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Edit 3: SOLVED

The adition of the headers to allow CORS have solved the problem. They must be added in all afected domains.

header("Access-Control-Allow-Credentials: true");
header("Access-Control-Allow-Origin: https://www.dominio.com/amp/*");
header("AMP-Access-Control-Allow-Source-Origin: https://www.dominio.com/amp/*");
header("Access-Control-Expose-Headers: AMP-Access-Control-Allow-Source-Origin");
Bachcha Singh
  • 3,850
  • 3
  • 24
  • 38
Asier
  • 461
  • 9
  • 19
  • Please be more specific than "It's not working". What are you expecting, what actually happens, do you get any warnings or errors appearing in the output/in your logs, etc? Have you turned error_reporting/logging on? Also, if you could put a textual description of the output instead of pasting screenshots that would be really helpful – GordonM Mar 21 '17 at 12:48
  • Ok, thanks. I will edit. – Asier Mar 21 '17 at 12:49
  • Kindly, check my answer. Thanks. – user1544541 Mar 21 '17 at 12:56
  • OK I can see the problem. One of the URLs is HTTPS but the other is not. I think it's OK to redirect to HTTPS from HTTP, but not the other way around according to the rules of CORS. https://en.wikipedia.org/wiki/Cross-origin_resource_sharing – GordonM Mar 21 '17 at 13:29
  • But i think that all redirects are from HTTPS, where is the HTTP redirecting? – Asier Mar 22 '17 at 09:09
  • @Asier You can redirect user after successful submission, however it can only be done if you are submitting values to a secure URL Refer : http://stackoverflow.com/a/43489796/5635098 – Bachcha Singh Apr 19 '17 at 10:36

2 Answers2

1

The solution is added to the post, Edit 3.

The adition of the headers to allow CORS have solved the problem. They must be added in all afected domains.

header("Access-Control-Allow-Credentials: true");
header("Access-Control-Allow-Origin: https://www.dominio.com/amp/*");
header("AMP-Access-Control-Allow-Source-Origin: https://www.dominio.com/amp/*");
header("Access-Control-Expose-Headers: AMP-Access-Control-Allow-Source-Origin");
Asier
  • 461
  • 9
  • 19
-1
    REPLACE,
    header ("Location: $ulr");
    die();
    WITH,
    header ("Location: $ulr");
    ?>
    <script type="text/javascript">
    location.href = '<?php echo $ulr ?>';
    </script>
    <?php
    die();
user1544541
  • 193
  • 3