1

XMLHttpRequest cannot load http://example.com/test.php. No Access-Control-Allow-Origin header is present on the requested resource. Origin http://eample.com is therefore not allowed access.

How to resolve it. i added following headers in that php file:

header('Access-Control-Allow-Origin: *');

header('Access-Control-Allow-Methods: GET, POST, OPTIONS');

header('Access-Control-Allow-Headers: Origin, Content-Type, Accept, 
Authorization, X-Request-With');

header('Access-Control-Allow-Credentials: true');

i replace my domain name 'codeXXX' with 'example' dont confuse with that

Mayank Vadiya
  • 1,437
  • 2
  • 19
  • 32
Venkata Sai Katepalli
  • 332
  • 3
  • 9
  • you have to add CORS support in server config, more details on CORS https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS – Nemani Aug 30 '17 at 05:11
  • @Nemani it looks like Venkata has done that – Phil Aug 30 '17 at 05:11
  • Make sure this is right at the top of your `.php` script so that nothing it output before these headers are sent – Phil Aug 30 '17 at 05:16
  • 1
    Also, check your browser's *Network* console. is there an `OPTIONS` request? What do the response headers look like for the failed request? – Phil Aug 30 '17 at 05:18
  • Possible duplicate of ["No 'Access-Control-Allow-Origin' header is present on the requested resource"](https://stackoverflow.com/questions/20035101/no-access-control-allow-origin-header-is-present-on-the-requested-resource) – M. Eriksson Aug 30 '17 at 05:18
  • @MagnusEriksson this does not appear to be a duplicate as OP appears to have made the correct server-side changes – Phil Aug 30 '17 at 05:21
  • @Phil It depends. The link about CORS in that answer has _a lot_ of information about different situations (including OPTIONS request). Might be some valid info in there. – M. Eriksson Aug 30 '17 at 05:25

1 Answers1

1

The header

header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST');

MUST be given in response to an OPTION request to "http://example.com/test.php". If OPTION request contains this header, the following GET (or POST) will be accepted.

If the browser says that the header "Access-Control-Allow-Origin" is not present, ... just add it ^_^

header('Access-Control-Allow-Headers: Access-Control-Allow-Origin, Origin, Content-Type, Accept, Authorization, X-Request-With');
sensorario
  • 20,262
  • 30
  • 97
  • 159
  • 1
    I feel like OP would have a different error message if the server weren't responding correctly to an `OPTIONS` request. – Phil Aug 30 '17 at 05:14
  • 1
    And the OP actually have `OPTIONS` in the allowed methods, you don't ? – adeneo Aug 30 '17 at 05:16
  • You have two request. First one is OPTION that tells to your client how can be the second. – sensorario Aug 30 '17 at 05:16
  • ANY time you make a request with angular, the request is preceded by an OPTION request. – sensorario Aug 30 '17 at 05:17
  • @sensorario that's not correct. A standard `GET` request without authorization will be *simple* and not require a pre-flight request. A `POST` request using `Content-type: application/x-www-form-urlencoded` is also excempt – Phil Aug 30 '17 at 05:19