No 'Access-Control-Allow-Origin' header is present on the requested resource

Question

I had this error

XMLHttpRequest cannot load http://domain.com/canvas/include/rs-plugin/js/extensions/revolution.extension.video.min.js. Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers in preflight response.

I have these 2 lines at the top of my php page that load this js file.

header("access-control-allow-origin: *");

But the issues persist, what should I do.

I am trying to access

domain.com  js file from subdomain.domain.com

This is my header response

access-control-allow-origin:* Connection:Keep-Alive

Content-Encoding:gzip Content-Length:4799 Content-Type:text/html

Date:Wed, 25 May 2016 06:28:04 GMT Keep-Alive:timeout=5, max=100

Server:Apache/2.4.7 (Ubuntu) Vary:Host,Accept-Encoding

X-Powered-By:PHP/5.5.9-1ubuntu4.14

Answer 1

Try to add access controll on htaccess from origin domain.

<IfModule mod_headers.c>
   Header set Access-Control-Allow-Origin "*"
</IfModule>

Is not secure to allow access controll for the all sites. So replace the "*" sign with a specific domain