• 0

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191


File: /var/www/html/cnasolution/site/application/views/question.php
Line: 191
Function: _error_handler

File: /var/www/html/cnasolution/site/application/controllers/Questions.php
Line: 419
Function: view

File: /var/www/html/cnasolution/site/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

blocked by CORS , how to solve it? [duplicate]

I have a simple PHP script that I am attempting a cross-domain CORS request:

Yet I still get the error:

Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers

Anything I'm missing?

Download script demo [LINK] [Origin]
Download script demo [LINK 2] [Onedrive] Download script demo [LINK 2] [Google drive]

Handling CORS requests properly is a tad more involved. Here is a function that will respond more fully (and properly).

/**  *  An example CORS-compliant method.  It will allow any GET, POST, or OPTIONS requests from any  *  origin.  *  *  In a production environment, you probably want to be more restrictive, but this gives you  *  the general idea of what is involved.  For the nitty-gritty low-down, read:  *  *  - https://developer.mozilla.org/en/HTTP_access_control  *  - http://www.w3.org/TR/cors/  *  */ function cors() {      // Allow from any origin     if (isset($_SERVER['HTTP_ORIGIN'])) {         // Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one         // you want to allow, and if so:         header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");         header('Access-Control-Allow-Credentials: true');         header('Access-Control-Max-Age: 86400');    // cache for 1 day     }      // Access-Control headers are received during OPTIONS requests     if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {          if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))             // may also be using PUT, PATCH, HEAD etc             header("Access-Control-Allow-Methods: GET, POST, OPTIONS");                   if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))             header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");          exit(0);     }      echo "You have CORS!"; } 
  • 0
Reply Report

I got the same error, and fixed it with the following PHP in my back-end script:

header('Access-Control-Allow-Origin: *');  header('Access-Control-Allow-Methods: GET, POST');  header("Access-Control-Allow-Headers: X-Requested-With"); 
  • 0
Reply Report

I've simply managed to get dropzone and other plugin to work with this fix (angularjs + php backend)

 header('Access-Control-Allow-Origin: *');      header("Access-Control-Allow-Credentials: true");     header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');     header('Access-Control-Max-Age: 1000');     header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token , Authorization'); 

add this in your upload.php or where you would send your request (for example if you have upload.html and you need to attach the files to upload.php, then copy and paste these 4 lines). Also if you're using CORS plugins/addons in chrome/mozilla be sure to toggle them more than one time,in order for CORS to be enabled

  • 0
Reply Report