CODEWITHSUNDEEP
javascriptphpangularjscross-domain
Suresh Kamrushi
Suresh Kamrushi

Reputation: 16076

Ajax call giving me cross domain error

I have just moved my application to production server and getting an error when i try to access the page using "www" When i try to load my page as "http://example.com" it load the page and content properly and when i try to access page like "www.example.com" my all ajax calls are giving errors like :

XMLHttpRequest cannot load http://example.com/dashboard/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.example.com' is therefore not allowed access.

I am using PHP with angular.

Upvotes: 3

Views: 524

Answers (4)

Quentin
Quentin

Reputation: 943142

This is to be expected. The Same Origin Policy states:

Two pages have the same origin if the protocol, port (if one is specified), and host are the same for both pages.

www.example.com and example.com are different hostnames, so you are crossing origins.

While the colloquialism is to refer to cross-domain requests, it is cross-origin requests that are significant; cross-domain requests are only a subset of those.

Don't host your site on multiple hostnames, pick one and stick to it. (You'll probably want to set up a redirect from the other one to it).

Using relative instead of absolute URIs would also reduce the possibility of this kind of mistake.

Upvotes: 0

user1267177
user1267177

Reputation:

When you make a request from browser, browser does a prefetch (sometime it doesn't) in either case, it checks if Access-Control-Allow-Origin actually allows your client's site to make request on different domain (web security stuff). If that doesn't match to where you are sending request from, browser blocks the request and doesn't send it.

To make request, you will need to edit the server side (on PHP), you should allow that domain, it also supports wildcards:

<?php
header("Access-Control-Allow-Origin: www.example.com");
?>

Now you can start making requests from anywhere, you can also limit the requests to specific domain so that only one domain can send you requests like:

header("Access-Control-Allow-Origin: example.com");

Upvotes: 0

Nitheesh
Nitheesh

Reputation: 19986

This issues is occurring because you have not set the access control origin at your server side. You can solve this issue by setting it at server end 

header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Headers: *");

Upvotes: 0

Nick Surmanidze
Nick Surmanidze

Reputation: 1689

Is your website served with www and without it the same way? if not maybe you could add rewrite rule to htaccess so version with www and without it would serve both the same way? In such case you should not get cross domain error

RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com
RewriteRule (.*) http://www.example.com/$1 [R=301,L]

Upvotes: 1

Related Questions