Nginx
MikUrrey, 2021-06-09 18:50:36

Access-Control-Allow-Origin, why doesn't the browser understand it?

Script code:

<?php
error_reporting(E_ERROR | E_WARNING | E_PARSE);
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: *");
header("Access-Control-Allow-Headers: *");
header("Access-Control-Expose-Headers: *");
header("Content-type: application/json");

if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
    exit;
}

Request:
POST http://127.0.0.1/?/auth/login
{password: "123456", phone: "79999999999"}

Result:
Access to XMLHttpRequest at 'http://127.0.0.1/?/auth/login' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.


If you run it in API Tester, the headers do come through:
access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-expose-headers: *
connection: keep-alive
content-type: application/json
date: Wed, 09 Jun 2021 15:29:11 GMT
server: nginx/1.19.10
transfer-encoding: chunked


What the hell is this?

UPD: I found that nginx can't process OPTIONS requests (405). How do I properly resolve them? So far none of the tricks I've googled have worked. I need to send such a request to the same path that would work for a normal GET or POST.


1 answer(s)
MikUrrey, 2021-06-09
@MikUrrey

The problem was solved by adding a rule to the location block in default.conf:

if ($request_method = 'OPTIONS') {
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Headers' '*';
    add_header 'Access-Control-Allow-Methods' '*';
    add_header 'Access-Control-Expose-Headers' '*';
    add_header 'Access-Control-Max-Age' 1728000;
    add_header 'Content-Type' 'text/plain; charset=utf-8';
    add_header 'Content-Length' 0;
    return 204;
}

I would like to control the headers sent by the script, but this will also work for now.
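
A stricter variant of the rule above, as an added example that is not the poster's configuration: it answers the preflight only for allowlisted origins instead of `*`. The `$cors_origin` variable name, the `https://app.example.com` entry, the `location /` path and the method/header lists are assumptions; `http://localhost:8080` is the origin from the error message in the question.

```nginx
# http {} context: echo the request's Origin back only if it is allowlisted.
map $http_origin $cors_origin {
    default                      "";
    "http://localhost:8080"      $http_origin;   # origin from the question
    "https://app.example.com"    $http_origin;   # placeholder entry
}

server {
    listen 80;

    location / {
        # Preflight is answered by nginx here and never reaches the PHP script.
        if ($request_method = 'OPTIONS') {
            # add_header emits nothing when the value is an empty string,
            # so an unlisted origin gets a 204 without any CORS grant and
            # the browser blocks the follow-up request.
            add_header 'Access-Control-Allow-Origin'  $cors_origin;

            # Explicit lists instead of '*': browsers treat '*' literally on
            # credentialed requests, and '*' in Allow-Headers never covers
            # the Authorization header.
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
            add_header 'Access-Control-Max-Age'       600;

            # The response differs per Origin, so caches must key on it.
            add_header 'Vary' 'Origin';
            return 204;
        }

        # The existing GET/POST handling for this location stays as it is.
    }
}
```

The actual POST response still needs its own `Access-Control-Allow-Origin` header, which in the question is sent by the PHP script.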
