Ajax, php CORS header

Question

I got such an error.

Blocked request to a resource of another origin: "Same Origin Policy" does not allow to load remote resources from https://test-domain.com/public/fetch_data.php/ (missing CORS header "Access-Control-Allow-Origin" ).

I added code at the begining to my config file https://test-domain.com/private/initialize.php

$accepted_origins = array("https://test-domain.com");

if(isset($_SERVER['HTTP_ORIGIN'])){
    if(in_array($_SERVER['HTTP_ORIGIN'], $accepted_origins)){
        header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
    }else{
        header("HTTP/1.1 403 Origin Denied");
        return;
    }
}

My question: Is it enough or is there anything else to add?

`My question: Is it enough or is there anything else to add?` Did you already test it with that code? — Baracuda078, Mar 29 '21 at 13:11
@Baracuda078 yes -> if ip for test `1.1.1.1` there is error `HTTP/1.1 403 Origin Denied` (console->network) — sagittarius, Mar 29 '21 at 13:48
Then what does`$_SERVER['HTTP_ORIGIN']` contain? Echo it out or use var_dump() — Baracuda078, Mar 29 '21 at 14:28
@Baracuda078 I found solution `https://stackoverflow.com/questions/41975920/how-to-send-a-cross-domain-ajax-request` — sagittarius, Mar 31 '21 at 12:11

score 0 · Answer 1 · answered Mar 31 '21 at 12:10

0

solution

How to send a cross domain ajax request

header('Access-Control-Allow-Origin: *');

answered Mar 31 '21 at 12:10

sagittarius

3
4

Ajax, php CORS header

1 Answers1