0

This is a segment of my ajax request

$.ajax({
url: url,
type:"POST",
crossDomain:true,
data: new FormData(this),
contentType: false,
cache: false,
processData: false,

The url points to a controller, everything is on the same domain. I am using codeigniter, I have these headers set in both my controller and htaccess

header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, PUT, DELETE, OPTIONS'); 
header('Access-Control-Allow-Headers: X-Requested-With, content-type, X-Token, x-token');

I have read all the solutions on these links Making get request for same domain giving CORS error CORS error on same domain? and others but still not working. Please any suggestion?

This is the error Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at "the link". (Reason: missing token ‘access-control-allow-headers’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel).

dkum
  • 105
  • 8
  • 1
    What's the error? – StudioTime Jun 27 '17 at 09:13
  • 1
    why are you using `crossDomain:true`? This causes requests on the same domain to be treated as if they were cross-domain. Is there a very good reason you need to do this? Because if not, you're just making life more complicated for yourself. – ADyson Jun 27 '17 at 09:30
  • @ADyson I added it because of what was suggested to me on a platform. It wasn;t working before I added it, still not working after it. – dkum Jun 27 '17 at 09:34
  • 1
    well it definitely won't help you to include it, so remove it. You say "everything is on the same domain", but if you're getting a CORS error _without_ `crossDomain:true`, then we need to check some things: "Same domain" in ajax terms means the client and server must have _exactly_ the same domain, the same protocol (http/https), and the same port number. Can you show the URL of your web page, and the full URL you're ajax-ing to? If those are all correct, then we can start looking at the headers. – ADyson Jun 27 '17 at 09:41
  • This is the url of the web page: http://scoopnews.info/. This is the page i am ajaxing it to http://scoopnews.info/News/upload/10 @ADyson – dkum Jun 27 '17 at 09:46
  • `headers: { 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Methods': 'GET,POST,OPTIONS,DELETE,PUT', 'Access-Control-Allow-Headers' : 'x-requested-with, Content-Type, origin, authorization, accept, client-security-token, methods,method' }` If you were using CORS, these are headers that the **server** should set, not the client. – ADyson Jun 27 '17 at 09:51
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/147700/discussion-between-user2983401-and-adyson). – dkum Jun 27 '17 at 09:52

0 Answers0