I have a plugin on my wordpress site and this plugin is using ajax to send the information to database
the problem is that i have subdomains on some pages on my website " xxx.xyn.com "
and the ajax is working fine on the main domain xyn.com but it's not working on subdomains so how can i make it work on subdomains too ?
here is the code :
http_req = new XMLHttpRequest();
http_req.onreadystatechange = function()
{eemail_submitresult(es_widget_form)}; // Passing the form to the submit request
http_req.open('POST', url, true);
http_req.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http_req.send(parameters);
so how can i make it works ?
and if Access-Control-Allow-Origin is the solution can you tell me how to allow it ?
is it codes to add in javascript, php, htaccess or apache ?
I am not sure what you mean, you are visiting a page of url xxx.xyn.com, and it fetches XHR data from xyn.com right?
In that case you will need to add the Access-Control-Allow-Origin header in the response from xyn.com. For more information, see the link above.
It should not send the request to main site, cause it works in curent site context. Did you check what exectely in "url" variable? Maybe there is a main site url?
I solved my problem with this method and adding the following code to .htaccess.
I wanted all subdomains to have access.
<ifmodule mod_headers.c="">
SetEnvIf Origin "^(.*\.domain\.com)$" ORIGIN_SUB_DOMAIN=$1
Header set Access-Control-Allow-Origin "%{ORIGIN_SUB_DOMAIN}e" env=ORIGIN_SUB_DOMAIN
Header set Access-Control-Allow-Methods: "*"
Header set Access-Control-Allow-Headers: "Origin, X-Requested-With, Content-Type, Accept, Authorization"
</ifmodule>
Related
I need to redirect my url to https when someone write my url on browser. The problem is when I write my website name on browser with https its working fine showing secure lock. But when I am trying to type myurl.com on browser it will redirecting to http not https. I need to type https before my website url on browser to redirect it on secure lock. How can I redirect it into https automatically when someone write my website url. I have done everything change countless time my htacess file but nothing fix this issue.
Thank You
If you want to add http -> https in your CodeIgniter without configuring .htaccess, you can add following in application/config/config.php before $config['base_url']:
if($_SERVER['REQUEST_SCHEME'] == 'http') {
$web_path = $_SERVER['HTTP_HOST'] . str_replace(basename($_SERVER['SCRIPT_NAME']),"",$_SERVER['SCRIPT_NAME']);
header('Location: https://'.$web_path);
die;
}
This is not a good way to go but can help you until you identify why webserver isn't reading your .htaccess file. What above code does is, it checks if request came for http, if yes, it creates variable $web_path with incoming source path and redirect same with https scheme.
Best way to do this is from .htaccess.
Try this -
RewriteEngine On
RewriteCond %{HTTP_HOST} ^myurl\.com$
RewriteRule (.*) https://www.myurl.com/$1 [R=301,L]
This will work as you expected.
This will pass all the possible combinations and redirect to https://www.myurl.com -
Url without https - (http://www.myurl.com)
Url without www - (https://myurl.com)
Url without https and www - (myurl.com)
Please try this. Hope this will work. Thanks.
A week ago, I encountered a CORS error:
Access to XMLHttpRequest at [domainA/example/directory/file.xml] from origin [domainB] has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I solved this by editing .htaccess, adding:
<IfModule mod_headers.c>
<FilesMatch ".+">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>
This worked! However, I am now encountering the same problem when requesting data at the same domain, at a different path (i.e. "domainA/different/example/directory/file.json").
Shouldn't I be able to request any file, in any directory, based on the edits I made to .htaccess? (located at "/.../.../www/[domainA-root]/.htaccess")
It's worth noting that in my first example, [domainA/example/directory/file.xml] is a XML view created by Drupal, and is not a static file in an actual directory.
That looks like the typical case in which your browser is caching the response of a previous OPTIONS request to specific URLs requested previously, the header was not there before and the browser won't bother to check again until the TTL expires.
I would say: check it the headers are there doing a verbose curl request from your command line, I.e.
curl -v https://yourhost/yourURL
Then you can take it from there
rather than trying .+ in filematch, you should try:
<FilesMatch "\.(htm|html|css|js|php|json)$">
AddDefaultCharset UTF-8
DefaultLanguage en-US
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "*"
</FilesMatch>
I had some problems to set a correct cors header for using external resource in my wordpress installation. I have a subdomain which exposed by another domian name.
I've got following error by using some plugin which load resources from my website by using an ajax call:
XMLHttpRequest cannot load [resource-URL] No 'Access-Control-Allow-Origin' header
I created a .htaccess file in the root directory of my subdomain.The file content is:
Header set Access-Control-Allow-Origin "sub.site.com"
I read in many blogs that you should use
Header set Access-Control-Allow-Origin "*"
but i guess that is a bad idea.
So I have my ckeditor working nicely together with the uploader of the fckeditor.
But only on localhost.
When uploaded to my server, the file manager uploads the Photo to the designated folder, but doesn't seem to get the url back for implementing it in the editor. I then always get the error of "image source url is missing".
Can anyone tell me what I am missing here ?
How come it works on localhost and doesn't on the server ?
I do think I changed all the appropriate paths.
Cheers
Chris
I found the solution of this error in CKEditor when you upload image file. This problem is due CKEDITOR open dialog in a frame so ; for solving this error check the "X-FRAME-OPTION" in you htaccess and set the value to SAMEORIGIN instead of DENY. If it's not in your htaccess it's when you send http header in your app.
For PHP before send content just set header like this :
header('X-FRAME-OPTION : SAMEORIGIN');
For more information about X-FRAME-OPTION check this link https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options.
Best regards
in my case (in .htaccess) it was obligatory to unset the header value first which was added by (I suppose) server:
<ifModule mod_headers.c>
Header unset X-Frame-Options
Header set X-Frame-Options SAMEORIGIN
</ifModule>
I need to call a wordpress page and show the page in a div tag on another webpage not using iframes etc. I have tried many different approaches like jsonp and so on, but i need a good example, keeps getting errors. I have full access to both domains.
Kind regards
Mikael
Create an .htaccess on the domain you want to access with this:
Header add Access-Control-Allow-Origin "*" Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type" Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
Then you can use jQuery .load, for example, to get pages from the other domain.