CODEWITHSUNDEEP
phpangularjsweb-applicationscross-domainhttprequest
korteee
korteee

Reputation: 2682

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at url

It's the very famous browser error. I know it has been discussed a lot but I've noticed is a very generic error so I want to present my problem.

I am making simple requests (get,post) on a server where I have access. My browsers (chrome, firefox) give me Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at url (Reason: CORS header 'Access-Control-Allow-Origin' does not match 'null'). error.

When I use some of (hacking)plugins I get the responses fine.

What I've tried is to add on my back-end (on server):

header('Access-Control-Allow-Origin: *');

in index.php file with no luck. Any other ideas ?

Upvotes: 3

Views: 26144

Answers (5)

Dharmendra Manikpuri
Dharmendra Manikpuri

Reputation: 29

You can whitelist the blocked URL like:

script-src 'unsafe-inline' https: 'nonce-abcdefg' 'strict-dynamic'

Upvotes: 0

Dharmendra Manikpuri
Dharmendra Manikpuri

Reputation: 29

I have solved this issue.

  1. In your config.php add www pre in your domain.com exa.

// HTTP

define('HTTP_SERVER', 'http://domain name with www/');

// HTTPS

define('HTTPS_SERVER', 'http://domain name with www/');

  1. Add you htaccess file

    RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ $1 [R=200,L]

Upvotes: 1

Adam T
Adam T

Reputation: 675

There are several ways to do this. One way is the javascript way, which requires a callback and one example can be found here: Loading cross domain html page with AJAX

Another way is to utilize PHP's curl functionality. Of course there are many ways to do this, but one method that works well for me is to:

  • Create a standalone php page (can call it "fetch.php" if you like) that has 1 job. That job is to make a curl request to a given URL (your cross-domain url in this case) and echo the data that it gets from the remote site.
  • Change the AJAX URL from the cross-domain URL to the name of file created in previous step.
  • AJAX then knows it's making an HTTP request to a location inside its current domain even though it's getting its data from a cross-domain location.

Hope this helps, Adam

Upvotes: 0

Stackhelper
Stackhelper

Reputation: 63

I tried adding a chrome plugin "Allow-Control-Allow-Origin" after several tries with server side changes. Everything worked fine.

Upvotes: -2

ddepablo
ddepablo

Reputation: 677

Try adding

header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: PUT, GET, POST");
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept");

Upvotes: 6

Related Questions