CORS, IIS7 and PHP - Access-Control-Allow-Origin error
Based upon comments it looks like you're missing the Access-Control-Allow-Origin
header when an OPTIONS request is submitted. According to this article it should be a simple case of adding the following code to your PHP page...
<?php
header('Access-Control-Allow-Origin: *');
?>
If that still doesn't work then you should check the IIS handler mapping for PHP (see here) and make sure that OPTIONS is an allowed verb. Hopefully that does the job!
This article also indicates that you could skip modifying the PHP at all and simply add the following to your web.config:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="*" />
<add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, OPTIONS" />
<add name="Access-Control-Max-Age" value="1000" />
</customHeaders>
</httpProtocol>
</system.webServer>
Be aware that this will open up the entire site rather than just one page...
Related videos on Youtube
Dreanmer
More than 12 years working in the software development area, I am a fullstack developer with expertise in engineering and architecture for scalable systems in PHP.
Updated on June 14, 2022Comments
-
Dreanmer almost 2 years
i'm trying to allow another host (a local host, like
javascript.dev
) to make a xhr to this host, it is an IIS7 and if icurl -I
it, this is the headers:HTTP/1.1 200 OK Content-Length: 0 Content-Type: text/html; charset=UTF-8 Server: Microsoft-IIS/7.0 X-Powered-By: PHP/5.3.28 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS Access-Control-Max-Age: 1000 Access-Control-Allow-Headers: * X-Powered-By: ASP.NET Date: Fri, 20 Jun 2014 12:09:33 GMT
this is the headers for
curl -v -X OPTIONS
:* About to connect() to www2.xxxxxxxxxxxx.com.br port 80 (#0) * Trying 200.98.xxx.100... * Connected to www2.xxxxxxxxxxxx.com.br (200.98.xxx.100) port 80 (#0) > OPTIONS /jobs/xxxxxxx/user/ HTTP/1.1 > User-Agent: curl/7.30.0 > Host: www2.xxxxxxxxxxxx.com.br > Accept: */* > < HTTP/1.1 200 OK < Allow: OPTIONS, TRACE, GET, HEAD, POST * Server Microsoft-IIS/7.0 is not blacklisted < Server: Microsoft-IIS/7.0 < Public: OPTIONS, TRACE, GET, HEAD, POST < X-Powered-By: ASP.NET < Date: Fri, 20 Jun 2014 13:01:25 GMT < Content-Length: 0
i used php to change the
Access-Control-Allow-Origin
, but when i do the xhr, with or without jquery, this is the error i'm getting:XMLHttpRequest cannot load http://www2.xxxxxxxx.com.br/jobs/xxxxxx/user/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://javascript.dev' is therefore not allowed access.
to document, additional steps i made to solve:
i added code in the answer above to my web.config and get this error:
XMLHttpRequest cannot load http://www2.madeinweb.com.br/jobs/eminhasaude/user. Request header field Content-Type is not allowed by Access-Control-Allow-Headers.
because
Access-Control-Allow-Headers
don't accept wildcards*
. to solve:<add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
-
Dreanmer almost 10 yearsok, added this to web config, now the headers on OPTIONS request is:
Access-Control-Allow-Origin: * < Access-Control-Allow-Headers: * < Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
but im still receiving errors, now this error:XMLHttpRequest cannot load http://www2.madeinweb.com.br/jobs/eminhasaude/user. Request header field Content-Type is not allowed by Access-Control-Allow-Headers.
-
Dean Ward almost 10 yearsLooks like
Access-Control-Allow-Headers
doesn't accept wildcards... stackoverflow.com/questions/13146892/…. Try adding just Content-Type instead of the * -
Dreanmer almost 10 yearsyeah i solved this as follow:
<add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
-
Shrinivas almost 6 yearsRemoving headers from php controller and making the above said changes in the web.config helped me. Thanks a ton.