Origin is not allowed by Access-Control-Allow-Origin

by

I wrote an article on this issue a while back, Cross Domain AJAX.

The easiest way to handle this if you have control of the responding server is to add a response header for:

Access-Control-Allow-Origin: *

This will allow cross-domain Ajax. In PHP, you’ll want to modify the response like so:

<?php header('Access-Control-Allow-Origin: *'); ?>

You can just put the Header set Access-Control-Allow-Origin * setting in the Apache configuration or htaccess file.

It should be noted that this effectively disables CORS protection, which very likely exposes your users to attack. If you don’t know that you specifically need to use a wildcard, you should not use it, and instead you should whitelist your specific domain:

<?php header('Access-Control-Allow-Origin: http://example.com') ?>

More Related Contents:

  1. No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘…’ is therefore not allowed access
  2. Why am I seeing an “origin is not allowed by Access-Control-Allow-Origin” error here? [duplicate]
  3. CORS error on same domain?
  4. Why am I seeing an “origin is not allowed by Access-Control-Allow-Origin” error here? [duplicate]
  5. Understanding AJAX CORS and security considerations
  6. Is CORS a secure way to do cross-domain AJAX requests?
  7. How to Detect Cross Origin (CORS) Error vs. Other Types of Errors for XMLHttpRequest() in Javascript
  8. Microsoft Edge blocked cross-domain requests sent to IPs in same private network CIDR
  9. How can I upload files asynchronously with jQuery?
  10. jQuery XML error ‘ No ‘Access-Control-Allow-Origin’ header is present on the requested resource.’
  11. No ‘Access-Control-Allow-Origin’ header is present on the requested resource error
  12. Prevent redirection of Xmlhttprequest
  13. Firefox ‘Cross-Origin Request Blocked’ despite headers [closed]
  14. Why does the preflight OPTIONS request of an authenticated CORS request work in Chrome but not Firefox?
  15. CORS request not working in Safari
  16. Show a progress bar for downloading files using XHR2/AJAX
  17. How to get response url in XMLHttpRequest?
  18. Fetch API vs XMLHttpRequest
  19. Cross Domain Resource Sharing GET: ‘refused to get unsafe header “etag”‘ from Response
  20. What’s to stop malicious code from spoofing the “Origin” header to exploit CORS?
  21. How to allow CORS in react.js?
  22. Cross-site XMLHttpRequest
  23. How can I modify the XMLHttpRequest responsetext received by another function?
  24. Solve Cross Origin Resource Sharing with Flask
  25. Cross-Origin XMLHttpRequest in chrome extensions
  26. Cross-domain connection in Socket.IO
  27. XMLHttpRequest: Network Error 0x80070005, Access is denied on Microsoft Edge (but not IE)
  28. Phantom JS synchronous AJAX request : NETWORK_ERR: XMLHttpRequest Exception 101
  29. CORS error with jquery
  30. XMLHttpRequest testing in Jest

Leave a Comment