php-proxy icon indicating copy to clipboard operation
php-proxy copied to clipboard

Published 20 hours ago verified publisher icon Athlon1600

No 'Access-Control-Allow-Origin' header is present on the requested resource

Open domsie opened this issue 8 years ago • 0 comments

Hi, i have trouble with a few websites. Because there is no Access-Control-Allow-Origin Header that allow the access to cross origin resource.

has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://...' is therefore not allowed access.

In the HeaderRewritePlugin.php i have set

        $response->headers->set('Access-Control-Allow-Origin', '*');
        $response->headers->set('Access-Control-Allow-Credentials', 'true');
        $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
        $response->headers->set('Access-Control-Allow-Headers', 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type');

after loop to remove certain response headers... i mean after this part:

        // we need content-encoding (in case server refuses to serve it in plain text)
        $forward_headers = array('content-type', 'content-length', 'accept-ranges', 'content-range', 'content-disposition', 'location', 'set-cookie');

        foreach($response->headers->all() as $name => $value){

            // is this one of the headers we wish to forward back to the client?
            if(!in_array($name, $forward_headers)){
                $response->headers->remove($name);
            }
        }

I put this header also at the beginning of the index.php...

header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
header('Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type');

When i am call a website with the proxy the header looks okay: (chrome plugin "HTTP HEADERS')

Response Headers

access-control-allow-credentials
true access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type access-control-allow-methods
GET, POST, OPTIONS access-control-allow-origin *

but the croos origin resource errors are still there :-/ have you got a tip for me?

domsie avatar Jul 22 '16 10:07 domsie