Reputation: 1018
CORS "No 'Access-Control-Allow-Origin' header is present" yet there is
These three headers are added using PHP
header('Content-Type: application/json; charset=UTF-8;');
header('Access-Control-Allow-Methods: GET, POST');
header('Access-Control-Allow-Origin: *');
All the headers sent are:
HTTP/1.1 200 OK
Date: Mon, 30 Jun 2014 06:39:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.28
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=1, private, must-revalidate
Content-Length: 20
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: application/json; charset=UTF-8;
Yet when trying to use $.json or $.post to target this server, I get this error in the Chrome Console:
XMLHttpRequest cannot load http://cms.webdevguru.co.uk/gurucms.php?mode=addto&apikey=606717496665bcba. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://remote.webdevguru.co.uk' is therefore not allowed access.
I know this is a possible duplicate of a few other questions, but since I have gone through many of them and tried a few things out of them to try and fix this: I would appreciate some specific replies to deal with my issue at hand.
As Joachim Isaksson figured out, its because the initial headers consist of a 301 Redirect, is there any way to force the request to follow the Redirect before checking for the Access-Control-Allow-Origin headers?
Upvotes: 6
Views: 7222
Answers (1)
Reputation: 181077
The reason CORS isn't working is that your link gives a "301 Moved Permanently" without a CORS header, redirecting to another link.
The link it redirects to sends the header, however it seems CORS has already given up the preflight on the first response.
Passing back a "Access-Control-Allow-Origin" header with the 301 may solve your problem, that should allow the preflight to continue.
Upvotes: 7
Related Questions
- header('Access-Control-Allow-Origin: *'); Not allowing CORS request
- Why header access-control-allow-origin not working?
- CORS: No 'Access-Control-Allow-Origin' header - but php sets header file
- AJAX request gets "No 'Access-Control-Allow-Origin' header is present on the requested resource" error
- Keep getting No 'Access-Control-Allow-Origin' error with XMLHttpRequest
- Error with "Access-Control-Allow-Origin", when i have "Access-Control-Allow-Origin: *"
- Can't send CORS query: responds with "No 'Access-Control-Allow-Origin' header"
- Access-Control-Allow-Origin not sending from PHP
- PHP Access-Control-Allow-Origin header not working
- Issue with Access-Control-Allow-Origin on server