CORS not working php
Finally, I myself have solved the problem explained in the question. The code that I have implemented for accessing header is incorrect.
The below mentioned two line code, when given, didn't work:
<?php
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS');
?>
But handling CORS requests properly is a tad more involved. Here is a function that will respond more fully. The updated code is this :
<?php
// Allow from any origin
if (isset($_SERVER['HTTP_ORIGIN'])) {
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 86400'); // cache for 1 day
}
// Access-Control headers are received during OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
exit(0);
}
echo "You have CORS!";
?>
I have found from another post
It worked....
CORS issue on php built api
Your Origin
appears to be the same hostname and port as the request destination, only the protocol is different (HTTP vs HTTPS).
So really this request needn't be subject to CORS at all, if you access your page via HTTPS (just like you're trying to access the AJAX request via HTTPS), or alternatively access the AJAX via HTTP (just like your page).
Once the protocol, hostname/domain and port are the same for both the main page and the AJAX URL, they're considered to be the "same origin", and therefore CORS (Cross-Origin Resource Sharing) restrictions do not apply.
Cross-Origin Request Headers(CORS) with PHP headers
Access-Control-Allow-Headers
does not allow *
as accepted value, see the Mozilla Documentation here.
Instead of the asterisk, you should send the accepted headers (first X-Requested-With
as the error says).
Update:
*
is now accepted is Access-Control-Allow-Headers
.
According to MDN Web Docs 2021:
The value
*
only counts as a special wildcard value for requests without credentials (requests without HTTP cookies or HTTP authentication information). In requests with credentials, it is treated as the literal header name*
without special semantics. Note that the Authorization header can't be wildcarded and always needs to be listed explicitly.
CORS not set when sending GET request
Looks like the URL in the question is a bit different from the URL in the error message (in the error message there's an extra /
after log.php
)
Can you remove it and see what happens?
PHP - Access-Control-Allow-Origin not working
Probably your static files, like images, aren't accessed via index.php (you are referring to their physical location). In this case, CORS headers can be set at the level of HTTP server. If it handles .htaccess files, you can simply create .htaccess
file containing following content:
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT"
in the main or specified directory.
Related Topics
How to Give PHP Write Access to a Directory
How to Hide .PHP Extension in .Htaccess
Prevent Direct Access to File Called by Ajax Function
"[Notice] Child Pid Xxxx Exit Signal Segmentation Fault (11)" in Apache Error.Log
Execute PHP Scripts Within Node.Js Web Server
How to Find Out How "Deep" a PHP Array Is
When Should I Use Memcache Instead of Memcached
What Is Autoloading; How to Use Spl_Autoload, _Autoload and Spl_Autoload_Register
Laravel View Not Found Exception
Why Is PHP Session_Destroy() Not Working
Change Product Prices Via a Hook in Woocommerce 3+
How to Insert Element into Arrays At Specific Position
How to Check If an Email Address Is Real or Valid Using PHP
Replace a Whole Line Where a Particular Word Is Found in a Text File
Header Only Retrieval in PHP Via Curl
Use PHP to Convert Png to Jpg With Compression