Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
G
G
Galdar Turin2020-08-31 11:18:47
JavaScript
Galdar Turin, 2020-08-31 11:18:47

How to fix CORS error?

Here is the js script

JS
var xhr = new XMLHttpRequest();

      var json = JSON.stringify(data);

      xhr.withCredentials = true;

      xhr.open('POST', 'https://dev.dev.ru/server/', true);
      
      xhr.setRequestHeader('Access-Control-Allow-Origin', "https://login.domain.ru/");
      xhr.setRequestHeader('Access-Control-Allow-Headers', 'origin, content-type, accept');
      xhr.setRequestHeader('Content-type', 'application/json; charset=utf-8');

      xhr.onreadystatechange = function() {
        if (this.readyState != 4) return;
      
        console.log( this.responseText );

        callback( this.responseText )
      }

      xhr.send(json);


Here is the NGINX config it is set to location /server/
nginx

if ($request_method = 'OPTIONS') {

      add_header 'Access-Control-Allow-Origin' "https://login.domain.ru/";
      
      #
      # Om nom nom cookies
      #

      add_header 'Access-Control-Allow-Credentials' 'true';
      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
      
      #
      # Custom headers and headers various browsers *should* be OK with but aren't
      #

      add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
      
      #
      # Tell client that this pre-flight info is valid for 20 days
      #

      add_header 'Access-Control-Max-Age' 1728000;
      add_header 'Content-Type' 'text/plain charset=UTF-8';
      add_header 'Content-Length' 0;

      return 204;
    }

    if ($request_method = 'POST') {

      add_header 'Access-Control-Allow-Origin' "https://login.domain.ru/";
      add_header 'Access-Control-Allow-Credentials' 'true';
      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
      add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

    }

    if ($request_method = 'GET') {

      add_header 'Access-Control-Allow-Origin' "https://login.domain.ru/";
      add_header 'Access-Control-Allow-Credentials' 'true';
      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
      add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';

    }



Writes an error that (Request from foreign origin blocked: Single origin policy prohibits reading remote resource on https://dev.dev.ru/server/ . (Reason: CORS header "Access-Control-Allow-Origin" does not match " https ://login.domain.ru/ ").)

What am I doing wrong?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
S
SagePtr, 2020-08-31
@Galdar

Origin without a slash at the end is written, perhaps because of it a mismatch

Report
I
Ilya, 2020-08-31
@FireGM

It is best to read about CORS. If you do not know what you are doing, then this can create a huge hole through which you can do a lot of bad things.
But if you just want to try it, then add headers for https://dev.dev.ru .

add_header 'Access-Control-Allow-Origin' "https://dev.dev.ru"

Similar questions
U
unlik2015-03-20 00:01:49
How to backup a dump to a remote server? 2Reply
K
Katie Divs2015-03-25 18:17:53
Why doesn't search work in Sublime 3? 2Reply
C
CanterGhost2018-11-10 01:31:28
WiFi module on HP pavilion 15 n060sr, what can I replace it with? 2Reply
S
Sergey Burduzha2021-03-25 12:00:33
Why is a fetch request not working? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question