Reputation: 131
PHP syntax error results in a CORS error. Why?
I'm developing an eCommerce, using jQuery for the user's part and vue.js for the admin.
I use the same MySQL queries in PHP and connect PHP by AJAX to both parts of the web.
The files are in the non vue.js part, so I need to add some headers in the PHP response to allow access, I'm using these:
header('Access-Control-Allow-Origin: *');
header("Access-Control-Allow-Headers: X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE");
header("Allow: GET, POST, OPTIONS, PUT, DELETE");
$method = $_SERVER['REQUEST_METHOD'];
if($method == "OPTIONS") {
die();
}
All works fine. But the moment I make a PHP syntax error, (for a example a line without semicolon) I receive the next message:
Access to XMLHttpRequest < path > from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Upvotes: 0
Views: 1470
Answers (2)
Reputation: 28767
It's surprising that a syntax error completely changes what you can retrieve. But think a little about it: CORS is a part what you send with PHP. If PHP fails, you send no or incorrect CORS information. Your permission system broke down.
Let me go into technical detail why this happens.
A HTTP response starts with headers, after which you have an empty line, then the payload (HTML text or image binary).
If you have a PHP error this arrangement gets broken. You get an empty page (the PHP white page of death) or you have the error message mixed into the headers or the payload or on its own.
Your browser should get these headers (among others) to accept CORS:
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE
and suddenly you have somehing like this instead:
Error : Parse error: syntax error, unexpected T_STRING, expecting ';' in file.php on line 17
CORS fails because the browser didn't get the correct headers.
Upvotes: 1
Reputation: 47584
A syntax error in your PHP code will make the code non-runnable.
The interpreter will just output an error and crash. In that sense, a CORS error is the least of your troubles.
If you want to understand why you get a CORS error instead of the error directly: on these AJAX requests the browser makes a "pre-flight" check before sending the actual request.
The pre-flight consists of a an OPTIONS request to the same URL that the main request will be made (which you seem to be aware of, since you are trying to handle a request of type OPTIONS by bailing out early, which is correct).
But if there is a syntax error in the file, none of it will be executed, and those header() statements won't be run. If the Access-Control-* headers are not returned to the OPTIONS request, the pre-flight check fails, and you get that error.
Simple fix: less syntax errors.
Upvotes: 2
Related Questions
- CORS issue on php built api
- Cors Policity Error: It does not have HTTP ok status
- CORS with php (Wordpress)
- Weird behavior of PHP fix for CORS policy
- CORS ORIGIN ISSUE
- CORS error requesting php file on NGINX
- Facing a CORS ERROR in local server
- CORS error - my headers
- What is the solution of this console error?
- Error in CORS ajax request