i am using api call to share post on company page , when i do this from localhost it works fine, but when i put it on live VPS it fails
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin "MY ADDRESS I REMOVED FOR MY SECURITY" is therefore not allowed access.
I have googled it and found that it is a problem with the CORS headers , i have tried to add Header set Access-Control-Allow-Origin "*" in .htaccess i set but still nothing, any and all pointers or fixes would be appreciated , thanks
i use php 5.6 and apache 2.4.18
Adding this as answer so that anyone can find it. As #HoldOffHunger suggeted.
Ok so i managed to fix this error by adding headers not only to .htaccess but also to my ajax calls and it is working, so if you have same error fix it by adding Access-Control-Allow-Origin "*" headers in ajax call, change "*" with your origin.
Related
Hi I'm trying to use http://nominatim.openstreetmap.org/searchformat=json&q= on a WordPress site to get long and lat from an adresse to set markers on a leaflet map and it works fine as long a I'm logged in as an admin but when I'm not I get this error
Access to XMLHttpRequest at 'http://nominatim.openstreetmap.org/search?format=json&q=3%20rue%20du%20G%C3%A9n%C3%A9ral%20Leclerc,%20Schwindratzheim' from origin 'http://isad-confort.projet-maquette.fr' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I can't find an answers that I understand on how to set the header Access-Control-Allow-Origin, can someone explain me what I should do.
I solved it juste needed to change my request from
jQuery.get(location.protocol + '//nominatim.openstreetmap.org/search?format=json&q='
To
jQuery.get('https://nominatim.openstreetmap.org/search?format=json&q='
Thanks peeebeee
Having a Perl Catalyst application, which produces JSON, I need to read that JSON content using jQuery within an HTML page, served by an Apache server. Both applications, Catalyst and Apache are running on the same host.
When I access the Catalyst URL from Apache I get the error
Access to XMLHttpRequest at 'http://localhost:3000/abc/json_list' from origin 'http://localhost:8888' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
As I red in many topics, a header (or more) must be set. In this case the Catalyst must be set but I don't know how.
Any hint?
Catalyst allows you to set response headers using the header method on the response object.
$c->res->header( "Access-Control-Allow-Origin" => "http://localhost:8888" );
Consider using a controller's sub auto or using existing middleware if you have multiple endpoints that need to provide permission via CORS.
Our application supports CORS configurations headers.
I have configured testApp separately on two different hosts. Both the setups work independent of each other.
Application on host1 is configured with CORS header Access-Control-Allow-Origin to pointing to application on host2.
When I access the application pages of host2 am expecting it to show Access-Control-Allow-Origin header in response. But which is missing.
How to test to CORS headers to confirm its working properly or coded properly to support cross domain resource sharing.
You can leverage the fetch provided by the browser debugger (F12 on Chrome and Firefox, then go to console):
fetch('https://google.ca')
If you get a CORS error then that means the current site you opened your debugger with (Origin) is not included in the Access-Control-Allow-Origin header by the site you're fetching from.
You could test it with cUrl from terminal.
curl -v --request OPTIONS **'localhost:3000'** --header 'Origin: **http://some.origin.here**'; --header 'Access-Control-Request-Method: GET'
If your application returns the header: Access-Control-Allow-Origin then it should work. In my particular use case I set it to "*".
Otherwise testing will show an error, viewable from a browser console. It will say something like: Access to ... has been blocked by CORS policy
You can test if the CORS headers are working properly using your browser.
I used this one and hope this helps. You will find the instructions in it. https://github.com/cactuz/cors-tester-from-browser
You can test it with any rest client like POSTMAN Rest Client, or simply you can check it from browser console - > Network tab -> in xhr filter - check the header for the particular request. you can check request and response.
Hi I am having an issue with CORS on safari. My request is working fine in every other browser except safari. I keep getting the error message [host] not allowed by Access-Control-Allow-Origin although the api specifically sets the request url in the response for both the OPTIONS request and the POST request.
I have researched this endlessly but nothing I have found has worked.
I have attached a screenshot from chrome which you can see all of the request and response headers and a screenshot from Safari where you can see the error. It is exactly the same request with exactly the same parameters.
Chrome:
Safari:
Thanks in advance!
Cross Origin Resource Sharing calls are generally blocked by browsers and thus API calls made from a website (in your case localhost:3004) to a remote host 52.85.173.227 (I think you have hosted it in Amazon's API Gateway).
What you need to do to enable CORS .
If you are using AMazon's API Gateway .
Click on the resources and in the Action , you have an option where you can enable CORS . Do that and it will add the headers to enable CORS .
Option on AWS API Gateway to enable CORS
Once you do this your response header of OPTIONS call will have "Access-Control-Allow-Origin" as "*" .
Thus your browser / web site will be able to make cross origin calls.
Hope this helps.
I have a PHP REST service and a Ionic2 project that 'out of the box' runs on Node.js localhost:8100. The REST service runs on my computer on localhost:80. When I want to do calls from Ionic2 (Angular2) to my server on localhost I get this error in the browser console:
XMLHttpRequest cannot load http://localhost/app_dev.php/login.
Response to preflight request doesn't pass access control check:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:8100' is therefore not allowed access.
The response had HTTP status code 404.
Wat I understand is that this is a CORS issue (Cross origin resource sharing). As I understand A way to solve this would be to change the build script in ionic to point to a front end distribution location in my Apache project and run the whole project from localhost:80. Another solution is to change the 'Access-Control-Allow-Origin' header.
What is the most simple straight forward solution for this problem?
Checked the possible duplicates, and there was an potential ANSWER to which I want to add some more detail:
Since you are dealing with PHP, the following has worked for me by just adding on top of your php script the following:
<?php
header('Access-Control-Allow-Origin: *'); // this!
header('Access-Control-Allow-Headers: Content-Type'); // and this!
//more code here
?>
During development, you might very possibly need to enable CORS in your browser, here's an extension for CHROME
Hope this helps! :)