Kosmetika
Reputation: 21304
PHP cURL add "Access-Control-Allow-Origin: *" header for specific endpoint
I have such code on my php server (5.2) endpoint GET http://mydomain/get-code.php:
<?php
header("Access-Control-Allow-Origin: *");
$data = 'id=' . '123456' . '&' .
'text=' . 'some text' . '&' .
'code=' . urlencode($_GET['code']);
$ch = curl_init('https://someapi.com/login/oauth');
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
preg_match('/hash=([0-9a-f]+)/', $response, $out);
echo $out[1];
curl_close($ch);
?>
I'm requesting GET http://mydomain/get-code.php from another domain.
I'm getting CORS error in browser console:
XMLHttpRequest cannot load http://mydomain/get-code.php No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9292' is therefore not allowed access.
Any ideas?
Upvotes: 1
Views: 9479
Answers (1)
Blake A. Nichols
Reputation: 870
Access-Control-Allow-Origin is for the server that is receiving the request, not the client sending the request.
Upvotes: 4
Related Questions
- How does the 'Access-Control-Allow-Origin' header work?
- Why does my JavaScript code receive a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error, while Postman does not?
- Access-Control-Allow-Origin Multiple Origin Domains?
- Firebase Storage and Access-Control-Allow-Origin
- API Gateway CORS: no 'Access-Control-Allow-Origin' header
- No 'Access-Control-Allow-Origin' header is present on the requested resource—when trying to get data from a REST API
- “Origin null is not allowed by Access-Control-Allow-Origin” error for request made by application running from a file:// URL
- Response to preflight request doesn't pass access control check - No 'Access-Control-Allow-Origin' header
- Origin is not allowed by Access-Control-Allow-Origin
- No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '...' is therefore not allowed access