Enabling CORS in header (php) are not working on wordpress website

Question

I'm trying to send a request and get a response from another website using jquery. Request is sent and i've got 200. But I cant get a response message from the server and what I see evretime is that error: (Im using wordpress with woocomerce. my servier is on bluehost)

    Failed to load https://smm.nakrutka.by/api/?key=76856&action=create&service=34&quantity=100&link=https://www.instagram.com/p/BnWW4npDAU5/: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://fejmu.pl' is therefore not allowed access.
scripts.js:259 Cross-Origin Read Blocking (CORB) blocked cross-origin response https://smm.nakrutka.by/api/?key=3262a5221b2643d925fcd5752d021b2f&action=create&service=34&quantity=100&link=https://www.instagram.com/p/BnWW4npDAU5/ with MIME type application/json. See https://www.chromestatus.com/feature/5629709824032768 for more details.
(anonymous) @ scripts.js:259
sentOrderAPIRequest @ scripts.js:243
Promise.then (async)
(anonymous) @ scripts.js:40
dispatch @ jquery-1.11.2.min.js:3
r.handle @ jquery-1.11.2.min.js:3

Here is my header:

header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Headers: *");

And my request API function

    function sentOrderAPIRequest(validation){
  return new Promise(function(resolve) {
    if (validation) {
      var $number = $('#order_quantity');
      var numberValue = Number($number.val());
      var $link = $('#instagram_link');
      var linkvalue = $link.val();
      var serviceIdValue = $('#new-order-select2').val();

      var url = "https://smm.nakrutka.by/api/?key=564564&action=create&service="+ serviceIdValue +"&quantity=" + numberValue + "&link=" + linkvalue + "";

      var request = new XMLHttpRequest();

      request.open('GET', url);
      request.onreadystatechange = function() {if (request.readyState==4) alert("It worked!");};
      request.setRequestHeader("Content-type", "application/json");
      request.send();

    # BEGIN WordPress
<IfModule mod_rewrite.c>
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
Header always set Access-Control-Allow-Methods "GET,PUT,POST,DELETE,OPTIONS"

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

END WordPress

Have you activated SSL on your websites ? – dineshkashera Oct 31 '18 at 13:33 — dineshkashera, Oct 31 '18 at 13:33

delboy1978uk · Answer 1 · 2018-11-03T20:24:14.800

-1

You don't need CORS.

You can make a call to a proxy script on your own site, then use cURL or Guzzle to make the call from PHP. This is the way I always do it.

jQuery:

$.get('/your/proxy/url.php', {any: "vars", go: "here"}, function(data){
    console.log(data);
});

php:

<?php 

$data = file_get_contents('the url you are calling from js here'); 
header('Content-Type: application/javascript'); // if $data is JSON
echo $data; 
exit;

edited Nov 03 '18 at 20:24

answered Oct 31 '18 at 13:55

delboy1978uk

12,118
2
21
39

Could you please show the example how can i make it? – Pavel Kotau Oct 31 '18 at 15:39
i updated the answer for you – delboy1978uk Nov 03 '18 at 20:20

Enabling CORS in header (php) are not working on wordpress website

END WordPress

1 Answers1