Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Codeigniter CORS policy: No 'Access-Control-Allow-Origin' error How to resolve?

Error: Access to Font at 'http://www.example.com//assets/global/plugins/font-awesome/fonts/fontawesome-webfont.woff2?v=4.4.0' from origin 'http://example.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://example.com' is therefore not allowed access.

Solution:

<?php
header('Access-Control-Allow-Origin: *');

class Home extends CI_Controller {
    public function index()
    {
        $this->load->view('master');
    }
}
?>

I tried this Solution but it not working can you please help me How to resolve it? and How to remove index.php from URL?

like image 211
Rushabh Shah Avatar asked Jan 12 '17 10:01

Rushabh Shah


People also ask

How do I allow Access-Control allow origin in PHP?

You can add the origin of the request to the list of domains authorized to access the server's resources by adding it to the values of the Access-Control-Allow-Origin header. You can set it via the header() function of PHP (https://www.php.net/manual/fr/function.header.php).

Why does CORS policy no Access-Control allow origin?

To allow any site to make CORS requests without using the * wildcard (for example, to enable credentials), your server must read the value of the request's Origin header and use that value to set Access-Control-Allow-Origin , and must also set a Vary: Origin header to indicate that some headers are being set ...

How do you fix a CORS violation error?

In order to fix CORS, you need to make sure that the API is sending proper headers (Access-Control-Allow-*). That's why it's not something you can fix in the UI, and that's why it only causes an issue in the browser and not via curl: because it's the browser that checks and eventually blocks the calls.


8 Answers

Allowing cross-site scripting may cause security issues, try to adjust your codeigniter options;

  1. Go to application/config/config.php file,
  2. find $config['base_url'] = ""; and
  3. place your project folder's path as value.

     $config['base_url']="http://localhost/yourProjectFolder/";
    
like image 87
Tamer Durgun Avatar answered Oct 05 '22 21:10

Tamer Durgun


Try allowing GET & OPTIONS

<?php
header('Access-Control-Allow-Origin: *');
header("Access-Control-Allow-Methods: GET, OPTIONS");

If the above doesn't work, try allowing access to font resources via .htaccess (for apache) or in nginx server block - add these lines:

# Apache config
<FilesMatch ".(eot|ttf|otf|woff)">
    Header set Access-Control-Allow-Origin "*"
</FilesMatch>

or

# nginx config
if ($filename ~* ^.*?\.(eot)|(ttf)|(woff)$){
    add_header Access-Control-Allow-Origin *;
}
like image 24
Latheesan Avatar answered Oct 05 '22 21:10

Latheesan


Just we want add 'www' infront of domain name.

Go to application/config/config.php file,

 $config['base_url']="http://yourdoamin.com";

Change to

 $config['base_url']="http://www.yourdoamin.com";
like image 21
Murugan Vellaisamy Avatar answered Oct 05 '22 20:10

Murugan Vellaisamy


Codeigniter is a cool framework to manipulate PHP, for CORS, you don't need to enable it as it has security implications, just do the following

  1. open config.php,
  2. look for $config['base_url'] = "";
  3. change it to $config['base_url']="http://localhost/youproject/";

Save and reload your application. Your good to go

like image 30
Jacob Janga Avatar answered Oct 05 '22 22:10

Jacob Janga


Add "Allow from all" in .htaccess file if it still doesn't work.

<FilesMatch ".(ttf|otf|eot|woff|woff2)$">
  <IfModule mod_headers.c>
    Allow from all
    Header set Access-Control-Allow-Origin "*"
  </IfModule>
</FilesMatch>
like image 37
Tefy Rak Avatar answered Oct 05 '22 21:10

Tefy Rak


Add this directly to your php controller file:

Header('Access-Control-Allow-Origin: *'); //for allow any domain, insecure
Header('Access-Control-Allow-Headers: *'); //for allow any headers, insecure
Header('Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE'); //method allowed
like image 26
Dabai Avatar answered Oct 05 '22 21:10

Dabai


Use header() functions in your Codeigniter __construct

    public function __construct()
            {
                parent::__construct();
                $this->load->model('api_model');
                $this->load->library('form_validation');
        
                Header('Access-Control-Allow-Origin: *'); //for allow any domain, insecure
                Header('Access-Control-Allow-Headers: *'); //for allow any headers, insecure
                Header('Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE'); //method allowed

//Or

        header('Access-Control-Allow-Origin: website_url');
        header("Content-Type: application/json; charset=UTF-8");
        Header('Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE'); //method allowed
            }
like image 40
dev Avatar answered Oct 05 '22 22:10

dev


In my experience none of this answers was usable for me and the important item missed . Using "*" is insecure.

header("Access-Control-Allow-Headers: Origin,X-Requested-With");

Every where in web , experts just hint to little and common list of this headers. If you are customized the headers for some reasons like authorization you need to use extended list like this. Use the headers related to your used options

header("Access-Control-Allow-Headers: Origin,X-Requested-With,Content-Type,Accept,Access-Control-Request-Method,Authorization,Cache-Control")
like image 27
ganji Avatar answered Oct 05 '22 22:10

ganji