top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Access-Control-Allow-Origin header missing in PHP?

+1 vote
931 views

I have the following code to add the appropriate header then redirect but I am still getting an error that this header is missing. What am I doing wrong?

 header("HTTP/1.1 301 Moved Permanently");
 header("Access-Control-Allow-Origin: http://".$_SERVER['HTTP_HOST']);
 $augmentedUrl = $playbackbase."?authTicket=$authTicket";
 header("Location: $augmentedUrl");
posted Jan 24, 2014 by Amit Mishra

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+1 vote

HTTP_HOST always has origin access to resources (unless you are using subdomains that is), just confirm that it is the host you want to give access to. Besides that I think you want to have that access control @$playbackbase url as well.

answer Jan 24, 2014 by Luv Kumar
Similar Questions
+1 vote
$scope.addTodo = function() {     
    var url = 'http://services.postcodeanywhere.co.uk/PostcodeAnywhere/Interactive/Find/v1.10/json2.ws?Key=XE97-xXxx-YG99-JK92&SearchTerm=12345&PreferredLanguage=English&Filter=&UserName=&CallbackFunction=a';
    var config1 = {headers:{
    'Access-Control-Allow-Origin':'*',
    'Access-Control-Allow-Methods': ['OPTIONS', 'GET', 'POST'],
    'Access-Control-Allow-Headers':'Origin, X-Requested-With, Content-Type, Accept',
    'Content-Type':'text/plain; charset=utf-8',
    'Accept':'*/*'
            }};
   //  alert("hello");
   alert("url" + url);
   //Enable cross domain calls
   $http.defaults.useXDomain = true;
   // alert("$http.defaults.useXDomain");
   //Remove the header used to identify ajax call  that would prevent CORS from working
   delete $http.defaults.headers.common['X-Requested-With'];
    //   alert("$http.defaults.headers.common");
    //  alert("$http.config1"+config1);
    //  alert("url" + url);

    $http.get(url, config1).success(function (data, status, headers, config) {
  alert("success");
  if(data.success){
  alert("inside success");
  }else{
   alert("inside else");
  }
}).
error(function (data, status, headers, config) {
alert("Error, please report to admin. Error code is " + status);
//alert("data, please report to admin. Error code is " + data);      
});
};
0 votes

Running Apache 2.4.7 and current configuration limiting access to a directory to only clients that can provide a trusted client certificate. Server is SSL host. Would like to modify configuration to allow "local" clients (127.0.0.1, etc. as defined by Require local auth provider) to access the directory without authenticating with a client certificate. So the local host may access the directory without SSL client auth, but all others must authenticate with a client certificate or access is forbidden. What is the best/proper way to do this?

I would like to use modern directives (avoiding Allow, Deny, Order etc. from mod_access_compat) but I am not clear how to combine Require related directives with mod_ssl options like SSLVerifyClient.

Thanks in advance?

...