• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Issue Access-Control-Allow-Origin header Missing

D

djchinezu2

New Pleskian
I have included this javascript on other domains:
PHP: 
var id = "<?php echo check_input($_GET['token']); ?>";
    var querystring = "";
    var lockerurl = "https:\/\/www.example.com\/contentlocker\/getlocker.php?" + 'id=' + encodeURIComponent(id) + '&r=' + encodeURIComponent(referrer) + querystring;


    var iframecontents;
    var old_display;

    function optionstoquery(options) {

        var query = "";

        if (options.mt) query += "&mt=" + encodeURIComponent(options.mt);
        if (options.dt) query += "&dt=" + encodeURIComponent(options.dt);
        if (options.dd) query += "&dd=" + encodeURIComponent(options.dd);
        if (options.md) query += "&md=" + encodeURIComponent(options.md);

        return query;

    }

    function og_load(options) {

        if (options) lockerurl += optionstoquery(options);

                        //preload
            var xhr = new XMLHttpRequest();
            xhr.open('GET', lockerurl, true);
            xhr.onreadystatechange = function() {
                if (this.readyState!==4) return;
                if (this.status!==200) {
                    iframecontents = false;
                    return;
                }

                iframecontents = this.responseText;
            };
            xhr.send();

            ogEditBody();
                }

In console of browser I have this error:

Code: 
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.example.com/contentlocker/getlocker.php?id=3e066b64a78214a17620b5521b6d3ec4&r=aHR0cDovL2NwYWh1Yi51cy9yb29zdGVyMi5odG1s. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

getlocker.php contains some php and html code!

I using

and I have tried by adding in getlocker.php:

Code: 
header('Access-Control-Allow-Origin: *');
But still not working!

Any idea? Thank you!
 
Try the following in a .htaccess file;

Code: 
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
 
You must log in or register to reply here.

Similar threads

S
Issue htaccess header missing
Replies
1
Views
1K
SKDamon
S
s-light
Question NINGX CORS for multiple sub.domains
Replies
1
Views
1K
s-light
s-light
I
Issue CORS: "Only One Origin Allowed"-Error - where does second origin * come from?
Replies
0
Views
2K
it78croix
I
H
Question I want to use my original domain and not get SSL warnings when accessing the control panel.
Replies
4
Views
2K
Hideki.Oride
H
V
Question Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Replies
17
Views
12K
brijeshgurung187@gmai
B
Back
Top