GET via jQuery on a different server, problem with CORS

1

I'm trying to make a call GET/AJAX to a URL which is different from the one I'm calling, but I always get the message in the browser:

  

Failed to load link : In 'Access-Control-Allow-Origin' header is present on the requested resource. Origin ' link ' is therefore not allowed access.

I have tried to do both server Apache and NGINX and to enable CORS in several ways according to the documentation and some tips. I even tried via PHP add header :

<?php header("Access-Control-Allow-Origin: *"); ?>

But I always get the blocking message from CORS . Via POSTMAN the call normally occurs.

Should I ask the server administrator to release the IP of my server to make the calls or am I mistakenly configuring CORS or the call from my side on the server?

    
asked by anonymous 07.11.2017 / 14:36

3 answers

1

You are making a AJAX request for a different domain than your page is enabled. Therefore, the browser is blocking this because it usually allows an order in the same source for security reasons. You need to do something different when you want to make a cross domain request. A tutorial on how to do this with CORS (both with AJAX and XMLHttpRequest ) . p>

When you are using POSTMAN , they are not restricted by this policy. Quote from Cross-Origin XMLHttpRequest :

  

Regular web pages can use the XMLHttpRequest object to send and   receive data from remote servers, but they are limited by the same   policy of origin. Extensions are not so limited. An extension   can talk to remote servers outside their source, provided that   first request cross-source permissions.

    
07.11.2017 / 14:58
1

When actually I should be doing this on server-side, ie using PHP (cURL), Node.JS (HTTP Request).

The blocking happens exactly because the browser is prohibited from doing this type of action and will always result in the CORS error.

    
11.12.2017 / 18:45
0

I've created a class to help solve this problem:

/*
* Função Auxiliar para resolver o problema no chrome
*/

Auxi::Cors();
  

Here's the class:

<?php


final class Auxi{


    public static function Cors() {

        // Allow from any origin
        if (isset($_SERVER['HTTP_ORIGIN'])) {
            header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
            header('Access-Control-Allow-Credentials: true');
            header('Access-Control-Max-Age: 86400');    // cache for 1 day
        }

        // Access-Control headers are received during OPTIONS requests
        if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

            if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
                // may also be using PUT, PATCH, HEAD etc
                header("Access-Control-Allow-Methods: GET, POST, OPTIONS");         

            if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
                header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");

            exit(0);
        }
    }

    private function __construct()
    {

    }
}
?>
    
07.11.2017 / 20:22