CORS: No 'Access-Control-Allow-Origin' header - but php sets header file

Question

I know that there are serveral questions about cors have been aksed/answered... But I did not find a solution for my issue...

I receive the following error message in my js application (based on jquery/jquery mobile):

Failed to load resource: the server responded with a status of 500 (Internal Server Error)

XMLHttpRequest cannot load http://www.mydomain.de/api.php. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'xyz' is therefore not allowed access. The response had HTTP status code 500

PHP file starts with:

<?php
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS");
header("Access-Control-Max-Age: 86400");    // cache for 1 day
...

Part of the js code:

$.ajax({
 type:      'POST',
 crossDomain: true,    
 cache:         false,
 url:       "http://www.mydomain.de/api.php",
 data:      payload,
 dataType:  'json',
 success:   function(a,b,c) { }
});

The php page is hosted at strato.de / php version 5.7

Any solution?

Answer 1

If the first solution doesn't work, then another solution is: Open you antivirus, find out 'virus chest' option and look for the file 'server.php' in the list and if you find this file then apply restore and add exception.

Answer 2

In your project, find the file web.config file. (I'm working in laravel, I find the file in public route, you get it in different path), Now add the following code after <system.webServer>

<httpProtocol>  
    <customHeaders>  
     <add name="Access-Control-Allow-Origin" value="*" />  
     <add name="Access-Control-Allow-Headers" value="Content-Type" />  
     <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />  
    </customHeaders>  
</httpProtocol>

Screenshot: write code

I think this will work perfectly.

Answer 3

You can use the dataType as JsonP

 dataType: 'jsonp'

Then you dont get the error