Answer the question
In order to leave comments, you need to log in
G
G
Galdar Turin2020-08-31 11:18:47
Galdar Turin, 2020-08-31 11:18:47
How to fix CORS error?
Here is the js script
JS
var xhr = new XMLHttpRequest();
var json = JSON.stringify(data);
xhr.withCredentials = true;
xhr.open('POST', 'https://dev.dev.ru/server/', true);
xhr.setRequestHeader('Access-Control-Allow-Origin', "https://login.domain.ru/");
xhr.setRequestHeader('Access-Control-Allow-Headers', 'origin, content-type, accept');
xhr.setRequestHeader('Content-type', 'application/json; charset=utf-8');
xhr.onreadystatechange = function() {
if (this.readyState != 4) return;
console.log( this.responseText );
callback( this.responseText )
}
xhr.send(json);Here is the NGINX config it is set to location /server/
nginx
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' "https://login.domain.ru/";
#
# Om nom nom cookies
#
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
#
# Custom headers and headers various browsers *should* be OK with but aren't
#
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
#
# Tell client that this pre-flight info is valid for 20 days
#
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin' "https://login.domain.ru/";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' "https://login.domain.ru/";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}Writes an error that (Request from foreign origin blocked: Single origin policy prohibits reading remote resource on https://dev.dev.ru/server/ . (Reason: CORS header "Access-Control-Allow-Origin" does not match " https ://login.domain.ru/ ").)
What am I doing wrong?
2 answer(s)
@Galdar
@FireGM
S
SagePtr, 2020-08-31 @Galdar
Origin without a slash at the end is written, perhaps because of it a mismatch
I
Ilya, 2020-08-31 @FireGM
It is best to read about CORS. If you do not know what you are doing, then this can create a huge hole through which you can do a lot of bad things.
But if you just want to try it, then add headers for https://dev.dev.ru .
add_header 'Access-Control-Allow-Origin' "https://dev.dev.ru"
Similar questions
V
W
whatever732015-03-29 17:36:06
How to find all cycles in undirected graph by adjacency matrix?
2Reply
N
V
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question