Reputation: 1
Refused to get unsafe header "X-JSON
I am using a freePHPchat plugin from dokuwiki. The chat application loads fine when i am using MYIP http://ServerIP/dokuwiki/doku.php?id=chat2 but when i use it with my DNS such as http://MyDomainName/doku.php?id=chat2 the chrome browser throws "Refused to get unsafe header "X-JSON" and the chat doesn't load.
I have added the following to my apache.conf. As suggested by other articles. Still no luck. Can anyone help me to resolve this issue?
<Directory />
Options FollowSymLinks
AllowOverride All
Require all granted
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept"
#Header set Access-Control-Allow-Headers "Origin, x-requested-with, Content-Type, Content-Type, x-json, Accept"
#Header set Access-Control-Allow-Methods "GET,POST,OPTIONS"
#Header set Access-Control-Allow-Headers "Content-Type, x-prototype-version, x-requested-with, JSON, X-JSON"
</Directory>
Below are my access.log
SourceIP - - [07/Sep/2016:20:00:18 +0000] "POST /dokuwiki/lib/plugins/freechat/backend.php HTTP/1.1" 200 490 "ServerIP/dokuwiki/doku.php?id=chat2" "Mozilla/5.0 (X11; CrOS x86_64 8350.68.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
SourceIP - - [07/Sep/2016:20:00:18 +0000] "OPTIONS /dokuwiki/lib/plugins/freechat/backend.php?pfc_ajax=1&f=loadChat HTTP/1.1" 200 699 "MyDomainName/doku.php?id=chat2" "Mozilla/5.0 (X11; CrOS x86_64 8350.68.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
SourceIP - - [07/Sep/2016:20:00:18 +0000] "GET /dokuwiki/lib/plugins/freechat/backend.php?pfc_ajax=1&f=loadChat HTTP/1.1" 200 698 "MyDomain/doku.php?id=chat2" "Mozilla/5.0 (X11; CrOS x86_64 8350.68.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"
Upvotes: 0
Views: 2401
Answers (1)
Reputation: 140
Add X-JSON to Access-Control-Expose-Headers.
Header set Access-Control-Expose-Headers "Content-Length, X-JSON"
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "Accept, Content-Type, X-Forwarded-For, X-Prototype-Version, X-Requested-With"
Header set Access-Control-Allow-Methods "GET, OPTIONS, PUT, POST"
Upvotes: 1
Related Questions
- X-Requested-With is not allowed by Access-Control-Allow-Headers
- Ajax request: Refused to set unsafe header
- xwiki REST ajax call error
- Refused to get unsafe header "Location"
- Google API + PHP + Ajax Call - Access-Control-Allow-Origin' header is present on the requested resource
- javascript - No 'Access-Control-Allow-Origin' header is present on the requested resource. i dont know what to do
- Why I get "ERR_RESPONSE_HEADERS_TOO_BIG" on chrome?
- Refused to set unsafe header "Connection"
- How to Address "Refused to Set Unsafe Header: Connection"?
- Invalid JSON in Chrome, no problem in Firefox (so strange!)