CORS, IIS7 and PHP - Access-Control-Allow-Origin error


Based upon comments it looks like you're missing the Access-Control-Allow-Origin header when an OPTIONS request is submitted. According to this article it should be a simple case of adding the following code to your PHP page...

<?php
header('Access-Control-Allow-Origin: *');
?>

If that still doesn't work then you should check the IIS handler mapping for PHP (see here) and make sure that OPTIONS is an allowed verb. Hopefully that does the job!

This article also indicates that you could skip modifying the PHP at all and simply add the following to your web.config:

<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="Access-Control-Allow-Origin" value="*" />
      <add name="Access-Control-Allow-Headers" value="*" />
      <add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, OPTIONS" />
      <add name="Access-Control-Max-Age" value="1000" />
    </customHeaders>
  </httpProtocol>
</system.webServer>

Be aware that this will open up the entire site rather than just one page...
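
As an added example (not part of the original answer or the asker's code), one way to avoid opening up the whole site is to emit the CORS headers per page from PHP, echoing only allowlisted origins and answering the OPTIONS preflight with an explicit header list instead of *. The allowlist contents, the cors_decision helper name and the 403 for a rejected preflight are assumptions; it needs PHP 7.1 or later, and the IIS handler mapping must pass OPTIONS to PHP.

```php
<?php
// Added example, not the answer's code. Allowlist values are assumptions;
// http://javascript.dev is the calling origin named in the question.
const ALLOWED_ORIGINS = ['http://javascript.dev'];
const ALLOWED_METHODS = ['GET', 'PUT', 'POST', 'DELETE', 'OPTIONS'];
const ALLOWED_HEADERS = ['origin', 'x-requested-with', 'content-type', 'accept'];

// Hypothetical helper: returns [status, headers, isPreflight] for one request.
function cors_decision(string $method, ?string $origin, ?string $reqMethod, ?string $reqHeaders): array
{
    // The response varies by Origin, so shared caches must key on it.
    $headers = ['Vary' => 'Origin'];
    $isPreflight = ($method === 'OPTIONS' && $reqMethod !== null);
    if ($origin === null || !in_array($origin, ALLOWED_ORIGINS, true)) {
        // Unknown origin: send no CORS headers, so the browser refuses the read.
        return [$isPreflight ? 403 : 200, $headers, $isPreflight];
    }
    $headers['Access-Control-Allow-Origin'] = $origin; // exact match, never "*"
    if (!$isPreflight) {
        return [200, $headers, false];
    }
    // Preflight: the requested method and every requested header must be listed.
    $asked = array_filter(array_map('trim', explode(',', strtolower((string) $reqHeaders))), 'strlen');
    if (!in_array(strtoupper($reqMethod), ALLOWED_METHODS, true)
        || array_diff($asked, ALLOWED_HEADERS) !== []) {
        return [403, ['Vary' => 'Origin'], true];
    }
    $headers['Access-Control-Allow-Methods'] = implode(', ', ALLOWED_METHODS);
    $headers['Access-Control-Allow-Headers'] = implode(', ', ALLOWED_HEADERS);
    $headers['Access-Control-Max-Age'] = '1000';
    return [204, $headers, true];
}

[$status, $headers, $isPreflight] = cors_decision(
    $_SERVER['REQUEST_METHOD'] ?? 'GET',
    $_SERVER['HTTP_ORIGIN'] ?? null,
    $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] ?? null,
    $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'] ?? null
);
http_response_code($status);
foreach ($headers as $name => $value) {
    header("$name: $value");
}
if ($isPreflight) {
    exit; // a preflight response has no body; the browser sends the real request next
}
// The page's normal request handling continues from here.
```

If the web.config customHeaders block also sets the same Access-Control-* headers, the response carries them twice, so set them in one place only.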


Author: Dreanmer

Updated on June 14, 2022

Comments

  • Dreanmer
    Dreanmer almost 2 years

    I'm trying to allow another host (a local host, like javascript.dev) to make an XHR to this host. It is an IIS7, and if I curl -I it, these are the headers:

    HTTP/1.1 200 OK
    Content-Length: 0
    Content-Type: text/html; charset=UTF-8
    Server: Microsoft-IIS/7.0
    X-Powered-By: PHP/5.3.28
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
    Access-Control-Max-Age: 1000
    Access-Control-Allow-Headers: *
    X-Powered-By: ASP.NET
    Date: Fri, 20 Jun 2014 12:09:33 GMT
    

    These are the headers for curl -v -X OPTIONS:

    * About to connect() to www2.xxxxxxxxxxxx.com.br port 80 (#0)
    *   Trying 200.98.xxx.100...
    * Connected to www2.xxxxxxxxxxxx.com.br (200.98.xxx.100) port 80 (#0)
    > OPTIONS /jobs/xxxxxxx/user/ HTTP/1.1
    > User-Agent: curl/7.30.0
    > Host: www2.xxxxxxxxxxxx.com.br
    > Accept: */*
    > 
    < HTTP/1.1 200 OK
    < Allow: OPTIONS, TRACE, GET, HEAD, POST
    * Server Microsoft-IIS/7.0 is not blacklisted
    < Server: Microsoft-IIS/7.0
    < Public: OPTIONS, TRACE, GET, HEAD, POST
    < X-Powered-By: ASP.NET
    < Date: Fri, 20 Jun 2014 13:01:25 GMT
    < Content-Length: 0
    

    I used PHP to change the Access-Control-Allow-Origin, but when I do the XHR, with or without jQuery, this is the error I'm getting:

    XMLHttpRequest cannot load http://www2.xxxxxxxx.com.br/jobs/xxxxxx/user/. 
    No 'Access-Control-Allow-Origin' header is present on the requested resource. 
    Origin 'http://javascript.dev' is therefore not allowed access. 
    

    To document, additional steps I took to solve this:

    I added the code in the answer above to my web.config and got this error:

    XMLHttpRequest cannot load http://www2.madeinweb.com.br/jobs/eminhasaude/user. 
    Request header field Content-Type is not allowed by Access-Control-Allow-Headers. 
    

    Because Access-Control-Allow-Headers doesn't accept the wildcard *. To solve:

    <add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
    
  • Dreanmer
    Dreanmer almost 10 years
    OK, added this to web.config; now the headers on the OPTIONS request are: Access-Control-Allow-Origin: * < Access-Control-Allow-Headers: * < Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS but I'm still receiving errors, now this error: XMLHttpRequest cannot load http://www2.madeinweb.com.br/jobs/eminhasaude/user. Request header field Content-Type is not allowed by Access-Control-Allow-Headers.
  • Dean Ward
    Dean Ward almost 10 years
    Looks like Access-Control-Allow-Headers doesn't accept wildcards... stackoverflow.com/questions/13146892/…. Try adding just Content-Type instead of the *
  • Dreanmer
    Dreanmer almost 10 years
    Yeah, I solved this as follows: <add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
  • Shrinivas
    Shrinivas almost 6 years
    Removing the headers from the PHP controller and making the above-said changes in the web.config helped me. Thanks a ton.