0

So I've read all the other posts such as

Similar Problem 1

Similar Problem 2

but neither solution works for me.

So I have the following JavaScript code

var xhttp = new XMLHttpRequest();
xhttp.open("GET", "react.php?do=getnotify&rand=" + Math.random(), true);
xhttp.setRequestHeader("Access-Control-Allow-Origin", "http://mydomainname.net");
xhttp.send();

Still I get the error

(index):1 Failed to load http://mydomainname.net/react.php?do=getnotify&rand=0.10280796901744726: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://mydomainname.net' is therefore not allowed access.

  • This only occurs when the user visits the website by going to mydomainname.net

  • If the user visits the site by going to www.mydomainname.net then the Ajax request works fine - no issues.

So what gives???

sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
zdanman
  • 508
  • 1
  • 3
  • 13
  • Access-Control-Allow-Origin is a response header, not a request header. You can’t set it from your frontend JavaScript code. Instead the server you’re making the request to needs to send an Access-Control-Allow-Origin. But the code shown in the question couldn’t cause the error message shown in the question — because that isn’t making a cross-origin request. – sideshowbarker Aug 25 '18 at 23:38
  • 1
    The URLs in the error message shown in the question don’t make sense; the browser would never report a message with *Failed to load `http://mydomainname.net/react.php?…` … Origin '`http://mydomainname.net`'* — because `http://mydomainname.net/react.php?…` has the same origin as `http://mydomainname.net`, so that wouldn’t be a cross-origin request, and so you wouldn’t get that error message. – sideshowbarker Aug 25 '18 at 23:41
  • @sideshowbarker i dont know... its my host... so I can add anything I want to the .htaccess if you have any recommendations. This script is on the home page of the site so.... like I said if you visit the home page of the site by typing in **www.mydomainname.net** then the script works fine... if you visit the home page by typing in **mydomainname.net** then the script fails because I guess the server considers **`http://mydomainname.net/blahblah`** an outside request where as it considers **`http://www.mydomainname.net/blahblah`** an internal request....basically I guessany advice? – zdanman Aug 26 '18 at 16:47
  • in addition: since javascript automatically prepends the domain in the address bar to the Ajax **`/react.php ....`** reference its pretty much impossible to ensure that **www** is in the Ajax address. So I guess the question is.... how do I make the browser/server accept calls to **`http://mydomainname.net/blahblah`** and not just **`http://www.mydomainname.net/blahblah`**? – zdanman Aug 26 '18 at 16:54
  • @sideshowbarker any suggestions? – zdanman Aug 27 '18 at 21:06
  • The solution is to make your server send the Access-Control-Allow-Origin response header in responses – sideshowbarker Aug 28 '18 at 04:24

1 Answers1

0

What I ended up doing was (what may be a bandaid... but it works) putting this in the .htaccess file

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

so as to force www to be included at the beginning of the url.

zdanman
  • 508
  • 1
  • 3
  • 13