-1

I'm writing a web app and I guess I have no idea how CORS works.

I have full control over the sending and receiving side.

I'm in Chrome, and the browser is reporting that the current page (http://site1.com/top.php) has the response header of Access-Control-Allow-Origin: *. And the AJAX call (to http://site2.com/project.php) says that project.php is responding with the header Access-Control-Allow-Origin: *.

I'm not sure if it's redundant if both top.php and project.php have this header. But I added it to both just to be sure.

Atlas, even with permissive Access Control, I get the error:

Access to XMLHttpRequest at '[http://site2.com/project.php]' from origin '[http://site1/top.php]' has been blocked by CORS policy: Request header field x-requested-with is not allowed by Access-Control-Allow-Headers in preflight response.
Dellowar
  • 3,160
  • 1
  • 18
  • 37

2 Answers2

-1

Prepend "https://cors-anywhere.herokuapp.com/" to the URL and try. For example, "https://cors-anywhere.herokuapp.com/site2.com/project.php"

Yash P Shah
  • 779
  • 11
  • 15
-2

Cross origin requests are blocked by most of the browsers due to injection attacks. Cross origin requests are allowed only when the server allows the client's origin to access.

If you want to enable Cross origin requests , in http://site2.com/project.php try adding a line header('Access-Control-Allow-Origin: site2.com')at the beginning of the file project.php and site2.com should be able to successfully access without any error by the browser.

Sandeep P
  • 133
  • 5