1

I have been recently introduced to CORS. After researching about it, I'm still not sure if this is what I need.

From my understanding it seems that CORS allows you to access, for example, a php file that contains Access-Control-Allow-Origin:"access.me.com". But it can't allow you to access an image. How am I supposed to write that in an image?

I have this function that checks if an image from an outside url exists. But I can't run it due to the same-origin-policy. How am I supposed to check if those images exist?

function fileExists(file_url){

  var http = new XMLHttpRequest();

  http.open('HEAD', file_url, false);
  http.send();

  return http.status !== 404;
}
q-l-p
  • 4,304
  • 3
  • 16
  • 36
  • It is not clear what you mean by `But it cant allow you to access an image as how am I supposed to write that in am image?` - if you need CORS ad you need HEAD or custom headers, you need to add CORS to HEAD, GET, POST AND OPTION – mplungjan May 11 '18 at 11:04
  • Well I mean, in order to access a php file from an outside resource, you need to enable that php file with Access-Control-Allow-Origin:"access.me.com". then you can access it from an outside url right? but how am i supposed to access an image from image.com/img345 inside another directory/domain mydomain.com –  May 11 '18 at 11:06
  • You are not, unless they have implemented CORS and allow you, or you are the owner of image.com and allow your other domain – mplungjan May 11 '18 at 11:08
  • I am the owner of both domains –  May 11 '18 at 11:09
  • I just dont understand how to allow the other domaing image.com to let my other domain letme.com access the images from image.com/img –  May 11 '18 at 11:10
  • How you configure your HTTP server to add CORS headers depends on which server you use. – Quentin May 11 '18 at 11:13
  • And it has to be YOUR server - or as I said THEY have to configure THEIR server. Otherwise you need a server proxy using CURL or similar – mplungjan May 11 '18 at 11:14
  • @mplungjan — luke said they are both his servers, he is asking how to set the headers for a static image file. – Quentin May 11 '18 at 11:14
  • I've updated the duplicate targets as best I can. The close reason really should be because it is "unclear" because there is no information about the HTTP server in use. – Quentin May 11 '18 at 11:15
  • @Quentin - you could have left the 404 detection in there. Anyway, I duped them 30 mins ago and we were not informed luke was the owner of both until 5 mins later. – mplungjan May 11 '18 at 11:35
  • PS: The nginx is missing HEAD in `add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';` – mplungjan May 11 '18 at 11:36

0 Answers0