Cross-Origin Request Headers(Cors) With PHP Headers

Cross-Origin Request Headers(CORS) with PHP headers

Access-Control-Allow-Headers does not allow * as accepted value, see the Mozilla Documentation here.

Instead of the asterisk, you should send the accepted headers (first X-Requested-With as the error says).

Update:

* is now accepted is Access-Control-Allow-Headers.

According to MDN Web Docs 2021:

The value * only counts as a special wildcard value for requests without credentials (requests without HTTP cookies or HTTP authentication information). In requests with credentials, it is treated as the literal header name * without special semantics. Note that the Authorization header can't be wildcarded and always needs to be listed explicitly.

How to enable CORS with PHP

As commented, the problem is that you need to allow all origins from the script.

//at the very begining of your php script.
header('Access-Control-Allow-Origin: *'); 

CORS header 'Access-Control-Allow-Origin' missing in php

Just put this line on test.php, hope it will work

<?php header('Access-Control-Allow-Origin: *'); ?>

CORS (cross origin resource sharing) using PHP

Make the following changes to your code:

File: content.php

<?php
//header("Access-Control-Allow-Origin: http://localhost:1113/sample.html");
header("Access-Control-Allow-Origin: http://localhost:1113");

?>

It should work.

The definition of same origin as enforced by SOP (and that CORS helps bypass) is: "Two pages have the same origin if the protocol, port, and host are the same for both pages.".

In your code, you are supposed to add the CORS header to reflect the origin that can be allowed by the browser to display the contents of "content.php" hence you have to specify the "origin" as the header value and that is http://localhost:1113 (not 'http://localhost:1113/sample.html').

Also, the statement "Unfortunately I believe you will get CORS issues no matter what with localhost, consider trying the local IP instead." in Fredo's answer is not correct. The browser will treat [scheme+host+port] in totality when determining the origin. So, using localhost with different port numbers should be treated as different origins without any issue.

CORS not working php

Finally, I myself have solved the problem explained in the question. The code that I have implemented for accessing header is incorrect.

The below mentioned two line code, when given, didn't work:

<?php
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS');
?>

But handling CORS requests properly is a tad more involved. Here is a function that will respond more fully. The updated code is this :

 <?php
    // Allow from any origin
    if (isset($_SERVER['HTTP_ORIGIN'])) {
        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
        header('Access-Control-Allow-Credentials: true');
        header('Access-Control-Max-Age: 86400');    // cache for 1 day
    }

    // Access-Control headers are received during OPTIONS requests
    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
            header("Access-Control-Allow-Methods: GET, POST, OPTIONS");         

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
            header("Access-Control-Allow-Headers:        {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");

        exit(0);
    }

    echo "You have CORS!";
?>

I have found from another post
It worked....

---

Related Topics