Menu
Trying to access my API via Ajax and I'm getting this error:
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9090' is therefore not allowed access. The response had HTTP status code 404.
My NGINX configuration looks like this and I'm using Varnish too.
server {
listen 127.0.0.1:8080;
server_name api.example.cc;
access_log /var/log/nginx/api.access.log combined;
error_log /var/log/nginx/api.error.log;
root /home/spark/api.example.cc/web;
#index index.php;
try_files $uri /index.php;
set $cache_uri $request_uri;
location / {
add_header 'Access-Control-Allow-Origin' 'http://localhost:9090';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
}
}
curl -X OPTIONS -i http://api.example.cc results:
HTTP/1.1 204 No Content
Server: nginx/1.8.0
Date: Wed, 30 Dec 2015 20:14:27 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
Access-Control-Max-Age: 1728000
Content-Type: text/plain charset=UTF-8
Content-Length: 0
X-Varnish: 65550
Age: 0
Via: 1.1 varnish-v4
Connection: keep-alive
curl -X GET/POST -i http://api.example.cc results:
HTTP/1.1 403 Forbidden
Server: nginx/1.8.0
Date: Wed, 30 Dec 2015 20:23:17 GMT
Content-Type: text/html
Content-Length: 168
X-Varnish: 32823
Age: 0
Via: 1.1 varnish-v4
Connection: keep-alive
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.8.0</center>
</body>
</html>
537
In order to allow CORS in NGINX, you need to add add_header Access-Control-Allow-Origin directive in server block of your NGINX server configuration, or virtual host file.
If the server is under your control, add the origin of the requesting site to the set of domains permitted access by adding it to the Access-Control-Allow-Origin header's value. You can also configure a site to allow any site to access it by using the * wildcard.
This happens if you haven't set up CORS configuration correctly. you can fix this on you'r local machine using a plugin/extension called Allow-Control-Allow-Origin and add you'r localhost into it. The other way is to manually fix the configuration in server side.
There Are Two Approaches to Getting It Right.Use a reverse proxy server or WSGI server(such as Nginx or Apache) to proxy requests to your resource and handle the OPTIONS method in the proxy. Add support for handling the OPTIONS method in the resource's code.
config
add_header 'Access-Control-Allow-Origin' 'http://localhost:9090';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
before "location / {...}" helps me
169
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
