Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Access-Control-Allow-Origin htaccess file not working

I am trying to enable HTTP access control (CORS) on a site using a .htaccess file with the following code:

Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Origin "Content-Type"
Header set Access-Control-Allow-Methods: "GET"

But I keep getting the error

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at [DOMAINNAME] (Reason: CORS header 'Access-Control-Allow-Origin' does not match 'Content-Type').

What am I doing wrong? Every tutorial I've found seems to suggest it should work.

-edit- In Chrome the debug tools give me this additional info:

Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains the invalid value 'Content-Type'.

like image 387
evilscary Avatar asked Jul 12 '16 13:07

evilscary


People also ask

How do I fix Access-Control allow origin?

Since the header is currently set to allow access only from https://yoursite.com , the browser will block access to the resource and you will see an error in your console. Now, to fix this, change the headers to this: res. setHeader("Access-Control-Allow-Origin", "*");

Is not allowed Access-Control allow origin?

So, What is This Error Then? This error occurs when a script on your website/web app attempts to make a request to a resource that isn't configured to accept requests coming from code that doesn't come from the same (sub)domain, thus violating the Same-Origin policy.


1 Answers

Try with:

Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "Content-Type"
Header set Access-Control-Allow-Methods "GET"
like image 142
Croises Avatar answered Sep 19 '22 11:09

Croises