Codeigniter Cors Policy: No 'Access-Control-Allow-Origin' Error How to Resolve

Codeigniter CORS policy: No 'Access-Control-Allow-Origin' error How to resolve?

Try allowing GET & OPTIONS

<?php
header('Access-Control-Allow-Origin: *');
header("Access-Control-Allow-Methods: GET, OPTIONS");

If the above doesn't work, try allowing access to font resources via .htaccess (for apache) or in nginx server block - add these lines:

# Apache config
<FilesMatch ".(eot|ttf|otf|woff)">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>

or

# nginx config
if ($filename ~* ^.*?\.(eot)|(ttf)|(woff)$){
add_header Access-Control-Allow-Origin *;
}

error Access-Control-Allow-Origin header on codeigniter

In the controller, set Access-Control-Allow-Origin at the top of your php script to the expected value of the origin header, the domain your ajax calls from:

header('Access-Control-Allow-Origin: abc');

Or if you never use credentials and don't care where the request comes from, just use a wildcard:

header('Access-Control-Allow-Origin: *');

update 2015-07-13 12:34 +0000

Disclaimer

I think I failed to properly consider that this was done under codeigniter and it now seems to me this answer is pretty poor.

enabling cors in codeigniter ( restserver by @chriskacerguis )

Try adding OPTIONS to the allowed methods.

header("Access-Control-Allow-Methods: GET, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Content-Length, Accept-Encoding");

and return immediately when the request is method 'OPTIONS' once you have set the headers.

if ( "OPTIONS" === $_SERVER['REQUEST_METHOD'] ) {
die();
}

See also this answer.

Angular sends a W3C CORS spec compliant preflight request that will check for the right allowed methods before actually attempting it.

Personally, I find the Mozilla Developer Network CORS page a bit easier to read on the matter to help understand the flow of CORS.

No 'Access-Control-Allow-Origin' error in HMVC Codeigniter

For Cross-Origin Resource in Codeignitor you have to include this line in controller right after start of <?php tag

header('Access-Control-Allow-Origin: *');

CORS issue in codeigniter 4: Response to preflight request doesn't pass access control check

Please try by setting Apache response headers and redirect method to .htaccess in root of www/public directory, like this:

#Redirect for CORS Preflight request
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
#Set headers to access CORS Requests / allowing localhost only
Header always add Access-Control-Allow-Origin "*"
Header always add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header always add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

NOTE: Be careful by adding Header always add Access-Control-Allow-Origin "*" to your .htaccess, "*" open doors for attackers, replace * with your domain or subdumain!

How to enable or Allow Access-Control-Allow-Origin for JQuery and Codeigniter 4

Whenever, there is a cross-origin issue, there are two routes that are hit. Lets say in your example, you have GET request to "http://api.domain.te/requests/verify", So before hitting your server with GET request it will hit same url with OPTIONS request. This verifies whether your server allows the API for the Cross Origin Request.

So In CI4 routes you have to define same URL or include a wild card to enable your cross origin request.

Here, the following example is for wild card request.

$routes->options('(:any)', 'Controller/options');

Here this route matches any routes with OPTIONS method and a single method called Options is there to handle it.

This options method can be defined as follows :

public function options($any)
{
return $this->response->setHeader('Access-Control-Allow-Origin', '*') //for allow any domain, insecure
->setHeader('Access-Control-Allow-Headers', '*') //for allow any headers, insecure
->setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, DELETE') //method allowed
->setStatusCode(200); //status code
}

What this method essentially does is lets the browser know that request are allowed for Cross-Origin, with status Methods such as GET, POST, PUT and DELETE.

After browser hits this request, it will be directed to your request which should also have cross origin enabled as follow:

$this->response->setContentType('application/json')->setJSON($response)->send()->setHeader('Access-Control-Allow-Origin', '*');

Reference : https://carminemilieni.it/2019/09/19/resolve-cors-and-corb-in-codeigniter-4/



Related Topics



Leave a reply



Submit