how to add Access-Control-Allow-Origin

Question

how to add Access-Control-Allow-Origin

gillivt opened this issue 8 years ago · comments

I am trying to access my service from another site and getting the following error:

XMLHttpRequest cannot load http://ibds.comp-solutions.org.uk/login. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

How do I add 'Access-Control-Allow-Origin', Can I do this for more than one site or even allow all sites?

gillivt · Answer 1 · Fri Jun 03 2016 22:40:14 GMT+0800 (China Standard Time)

I seem to have fixed the problem using a proxy server, thanks

Jacob Wright · Answer 2 · Mon Jun 06 2016 23:07:02 GMT+0800 (China Standard Time)

For future, you can also add headers using PHP's built-in header function. Just add the correct headers for CORs to whatever you want to allow.

Nick Vledder · Answer 3 · Sat Jan 14 2017 23:50:56 GMT+0800 (China Standard Time)

Hello Jac,
It took me some time to figure out how to solve it. In the end at server side in index.php I added:
header("Access-Control-Allow-Origin: *"); and it worked. I am not an CORS-expert, therefore I am not sure it is a good solution from a security perspective.

Thanks a lot for you RESTserver-classes,

Regards,

Nick