These three headers are added using PHP
header('Content-Type: application/json; charset=UTF-8;');
header('Access-Control-Allow-Methods: GET, POST');
header('Access-Control-Allow-Origin: *');
All the headers sent are:
HTTP/1.1 200 OK
Date: Mon, 30 Jun 2014 06:39:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.28
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=1, private, must-revalidate
Content-Length: 20
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: application/json; charset=UTF-8;
Yet when trying to use $.json or $.post to target this server, I get this error in the Chrome Console:
XMLHttpRequest cannot load .php?mode=addto&apikey=606717496665bcba. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '' is therefore not allowed access.
I know this is a possible duplicate of a few other questions, but since I have gone through many of them and tried a few things out of them to try and fix this: I would appreciate some specific replies to deal with my issue at hand.
As Joachim Isaksson figured out, its because the initial headers consist of a 301 Redirect, is there any way to force the request to follow the Redirect before checking for the Access-Control-Allow-Origin headers?
These three headers are added using PHP
header('Content-Type: application/json; charset=UTF-8;');
header('Access-Control-Allow-Methods: GET, POST');
header('Access-Control-Allow-Origin: *');
All the headers sent are:
HTTP/1.1 200 OK
Date: Mon, 30 Jun 2014 06:39:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.28
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=1, private, must-revalidate
Content-Length: 20
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Content-Type: application/json; charset=UTF-8;
Yet when trying to use $.json or $.post to target this server, I get this error in the Chrome Console:
XMLHttpRequest cannot load http://cms.webdevguru.co.uk/gurucms.php?mode=addto&apikey=606717496665bcba. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://remote.webdevguru.co.uk' is therefore not allowed access.
I know this is a possible duplicate of a few other questions, but since I have gone through many of them and tried a few things out of them to try and fix this: I would appreciate some specific replies to deal with my issue at hand.
As Joachim Isaksson figured out, its because the initial headers consist of a 301 Redirect, is there any way to force the request to follow the Redirect before checking for the Access-Control-Allow-Origin headers?
Share Improve this question edited Jun 30, 2014 at 7:04 t3chguy asked Jun 30, 2014 at 6:53 t3chguyt3chguy 1,0187 silver badges17 bronze badges 4-
I get a
301 Moved Permanentlyusing that link, with no CORS header. The link it redirects to sends the header. – Joachim Isaksson Commented Jun 30, 2014 at 6:59 - I didn't think of using the full link, thanks secure27.qnop/~t3chguy/cms/gurucms.php I'll try it now – t3chguy Commented Jun 30, 2014 at 7:01
- I sort of expected it to follow the 301 through then read those headers :/ Any way to make it do so? – t3chguy Commented Jun 30, 2014 at 7:02
- Added the above as an answer instead, and added a possible workaround. – Joachim Isaksson Commented Jun 30, 2014 at 7:37
1 Answer
Reset to default 7The reason CORS isn't working is that your link gives a "301 Moved Permanently" without a CORS header, redirecting to another link.
The link it redirects to sends the header, however it seems CORS has already given up the preflight on the first response.
Passing back a "Access-Control-Allow-Origin" header with the 301 may solve your problem, that should allow the preflight to continue.