Reputation: 81
Access-Control-Allow-Origin: Access for all users just to one site
I'm currently coding a php website which reads certain values from a json file from my server. Now when i request the xmlhttp request to my server, i get the Access-control-allow-origin ERROR in console. I already find out i have to set Access-control-allow-origin: *; in my Apache configuration but i don't want to use * because I don't want to give everyone access to my website. So how can i just give permission for one json file to every client?
var requestURL = 'https://myWebsite/blabla.json';
var request = new XMLHttpRequest();
request.open('GET', requestURL);
request.responseType = 'json';
request.send();
request.onload = function() {
var response = request.response;
jackpot = response.items[0].value;
var inner = document.getElementById("myid");
inner.innerHTML = jackpot+" EURO";
this is my js code and i always get the Error, except i use Access-control-allow-origin: *, which i dont want to use because its unsave.
Please care im little new to web coding so im not really professional sorry.
Upvotes: 0
Views: 156
Answers (1)
Reputation: 1354
In your PHP backend, allow only to your domain for Access-control-allow-origin not *. So that it will be safe.
Upvotes: 0
Related Questions
- how to bypass Access-Control-Allow-Origin?
- CORS / Access-Control-Allow-Origin
- How to resolve Access-Control-Allow-Origin error?
- Add Access-Control-Allow-Origin: * easily to JSON
- Access-Control-Allow-Origin in htaccess
- How to grant "Access-Control-Allow-Origin" to one specific site, using php
- PHP Access-Control-Allow-Origin not working
- How to implement Access-Control-Allow-Origin:*
- Issue with Access-Control-Allow-Origin on server
- Access-Control-Allow-Origin for multiple domains, in an easier way