Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

CORS not working anymore

Tags:

javascript

ajax

php

I'm having a strange problem that from one day to another my AJAX requests for a website not working anymore.

I'm now struggling to get it working and can't find the problem.

this is my javascript: basically it's realy simple, it retrieves the ip adres and then sends it (POST) to a site which stores it.


    var xhr = new XMLHttpRequest();
    xhr.open('GET', 'https://dashboard.inofec.nl/ip', true);

    // If specified, responseType must be empty string or "text"
    xhr.responseType = 'text';

        xhr.onload = function () {
            if (xhr.readyState === xhr.DONE) {
                if (xhr.status === 200) {
                    // console.log('R = ' + xhr.response);
                    // console.log('RT= ' + xhr.responseText);
                    tip = xhr.responseText;

                    var formData = new FormData();
                    formData.append('ip', tip);
                    formData.append('uri', turl);
                    formData.append('id', dataId);

                    var request = new XMLHttpRequest();
                    request.open("POST", "https://dashboard.inofec.nl/visits");
                    request.send(formData);

                    // console.log('IP  = ' + tip);
                    // console.log('URL = ' + turl);
                    console.log('ID  = ' + dataId);
                }
                else {
                    console.log('ERROR !');
                }
            }
        }
    xhr.send(null);

on the server I have now added this to avoid using a wildcard


    if (isset($_SERVER['HTTP_ORIGIN']) && $_SERVER['HTTP_ORIGIN'] != '') {
        header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
        header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
        header('Access-Control-Max-Age: 1000');
        header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
    }

When I used only

header('Access-Control-Allow-Origin: '); I got the error: Cross-Origin-request blocked: CORS-header ‘Access-Control-Allow-Origin’ does not match ‘, *’).

And with the new headers i get

CORS-header ‘Access-Control-Allow-Origin’ does not match ‘http://www.inofec.nl, *’).

But when I check the headers I see that it responds with the correct header.

Access-control-allow-headers
Content-Type, Authorization, X-Requested-With access-control-allow-methods
GET, PUT, POST, DELETE, OPTIONS access-control-allow-origin http://www.inofec.nl, *

like image 626
mdgeus Avatar asked Jan 31 '26 16:01

mdgeus

1 Answers

Yvo Cilon made me think about the multiple values. And pointed me in the right direction.

I searched for headers and noticed that on the webserver there was a header already set and I added it in my code.

I removed the header set in the webserver to have control on how and when it is used.

Thanks for sharing your thoughts.

like image 173
mdgeus Avatar answered Feb 02 '26 06:02

mdgeus

Sign in to Comment

Related questions

Server-Sent Event connections are not closed despite calling `close()`

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!