Cross-Origin Request Blocked

DucLH · May 3, 2019, 7:04am

I have code :
$$(’#test-button’).on(‘click’, function () {
// console.log(“test-button category”);
// app.dialog.alert(‘Hello world!’);
app.request({
url: ‘https://tiengnhateasy.com/crostest.php’,
method: “GET”,
dataType: “json”,
// data: data,
crossDomain: true,
headers: {
‘Access-Control-Allow-Origin’: ‘’,
‘Access-Control-Allow-Headers’: ‘Origin, X-Requested-With, Content-Type, Accept’
},
beforeSend: function(xhr) {
xhr.withCredentials = false;
xhr.setRequestHeader(‘Access-Control-Allow-Origin’, '’);
},
success: function(res) {
console.log(res);
},
error: function(xhr) {
console.log(‘error’);
console.log(xhr);
}
});
});
when i submit for get json data from another domain, i get err :
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://tiengnhateasy.com/crostest.php. (Reason: missing token ‘access-control-allow-headers’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel).[Learn More]

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://tiengnhateasy.com/crostest.php. (Reason: CORS request did not succeed).[Learn More]
Please help me resolve this err!!!Thanks so much

Tim · May 3, 2019, 7:18am

You have to put explicit headers in your PHP script to allow cross domain request. (This allows for apps without domain as well)

Put this on top of your PHP file:

header("Access-Control-Allow-Origin: *");
header('Access-Control-Allow-Headers: Authorization');

if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') die();

DucLH · May 3, 2019, 7:36am

How about acces direct json file like : https://tiengnhateasy.com/test.json
Thanks you

Tim · May 3, 2019, 7:41am

Then you have to add the same headers in your webserver configuration (Apache/nginx etc). An example by using a .htaccess file:

<IfModule mod_headers.c>
  Header set Access-Control-Allow-Origin *
</IfModule>