how to allow cross-origin in [PHP]

Question

I have 2 domains.

I try to open a URL from domain 2 in domain 1 using window.open JavaScript tag and after the user does some staff on domain 2 then put the result in a div on domain 1 using window.opener everything works fine but at the final step, I get cross-origin error Uncaught DOMException: Blocked a frame with origin "http://example.com" from accessing a cross-origin. in chrome console.

How to allow access to a cross-origin on domain 1 in PHP?

EDIT

My question is not a possible duplicate of this question because I'm asking about PHP.

SOLUTION

Just add header("Access-Control-Allow-Origin: *"); at the beginning of your code after opening PHP tag, this will allow access from any origin (website).

if you want to limit the access, replace * with origin (website) url like header("Access-Control-Allow-Origin: http://example.com/");

score 3 · Accepted Answer · answered Jun 10 '17 at 19:24

<?php
    // Allow from any origin
    if (isset($_SERVER['HTTP_ORIGIN'])) {
        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
        header('Access-Control-Allow-Credentials: true');
        header('Access-Control-Max-Age: 86400');    // cache for 1 day
    }

    // Access-Control headers are received during OPTIONS requests
    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
            header("Access-Control-Allow-Methods: GET, POST, OPTIONS");         

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
            header("Access-Control-Allow-Headers:        {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");

        exit(0);
    }

?>

Thanks where i have to add it? in domain 1 or domain 2? – mahdi azarm Jun 10 '17 at 19:48 — mahdi azarm, Jun 10 '17 at 19:48
I added your code in domain 1 and still giving same error – mahdi azarm Jun 10 '17 at 19:56 — mahdi azarm, Jun 10 '17 at 19:56

how to allow cross-origin in [PHP]

1 Answers1