Cross-Origin Request Blocked


#1

I have code :
$$(’#test-button’).on(‘click’, function () {
// console.log(“test-button category”);
// app.dialog.alert(‘Hello world!’);
app.request({
url: ‘https://tiengnhateasy.com/crostest.php’,
method: “GET”,
dataType: “json”,
// data: data,
crossDomain: true,
headers: {
‘Access-Control-Allow-Origin’: ‘’,
‘Access-Control-Allow-Headers’: ‘Origin, X-Requested-With, Content-Type, Accept’
},
beforeSend: function(xhr) {
xhr.withCredentials = false;
xhr.setRequestHeader(‘Access-Control-Allow-Origin’, '
’);
},
success: function(res) {
console.log(res);
},
error: function(xhr) {
console.log(‘error’);
console.log(xhr);
}
});
});
when i submit for get json data from another domain, i get err :
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://tiengnhateasy.com/crostest.php. (Reason: missing token ‘access-control-allow-headers’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel).[Learn More]

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://tiengnhateasy.com/crostest.php. (Reason: CORS request did not succeed).[Learn More]
Please help me resolve this err!!!Thanks so much


#2

You have to put explicit headers in your PHP script to allow cross domain request. (This allows for apps without domain as well)

Put this on top of your PHP file:

header("Access-Control-Allow-Origin: *");
header('Access-Control-Allow-Headers: Authorization');

if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') die();

#3

How about acces direct json file like : https://tiengnhateasy.com/test.json
Thanks you


#4

Then you have to add the same headers in your webserver configuration (Apache/nginx etc). An example by using a .htaccess file:

<IfModule mod_headers.c>
  Header set Access-Control-Allow-Origin *
</IfModule>