I need to call a wordpress page and show the page in a div tag on another webpage not using iframes etc. I have tried many different approaches like jsonp and so on, but i need a good example, keeps getting errors. I have full access to both domains.
Kind regards
Mikael
Create an .htaccess on the domain you want to access with this:
Header add Access-Control-Allow-Origin "*" Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type" Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
Then you can use jQuery .load, for example, to get pages from the other domain.
Related
A week ago, I encountered a CORS error:
Access to XMLHttpRequest at [domainA/example/directory/file.xml] from origin [domainB] has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I solved this by editing .htaccess, adding:
<IfModule mod_headers.c>
<FilesMatch ".+">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>
This worked! However, I am now encountering the same problem when requesting data at the same domain, at a different path (i.e. "domainA/different/example/directory/file.json").
Shouldn't I be able to request any file, in any directory, based on the edits I made to .htaccess? (located at "/.../.../www/[domainA-root]/.htaccess")
It's worth noting that in my first example, [domainA/example/directory/file.xml] is a XML view created by Drupal, and is not a static file in an actual directory.
That looks like the typical case in which your browser is caching the response of a previous OPTIONS request to specific URLs requested previously, the header was not there before and the browser won't bother to check again until the TTL expires.
I would say: check it the headers are there doing a verbose curl request from your command line, I.e.
curl -v https://yourhost/yourURL
Then you can take it from there
rather than trying .+ in filematch, you should try:
<FilesMatch "\.(htm|html|css|js|php|json)$">
AddDefaultCharset UTF-8
DefaultLanguage en-US
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "*"
</FilesMatch>
I have a plugin on my wordpress site and this plugin is using ajax to send the information to database
the problem is that i have subdomains on some pages on my website " xxx.xyn.com "
and the ajax is working fine on the main domain xyn.com but it's not working on subdomains so how can i make it work on subdomains too ?
here is the code :
http_req = new XMLHttpRequest();
http_req.onreadystatechange = function()
{eemail_submitresult(es_widget_form)}; // Passing the form to the submit request
http_req.open('POST', url, true);
http_req.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http_req.send(parameters);
so how can i make it works ?
and if Access-Control-Allow-Origin is the solution can you tell me how to allow it ?
is it codes to add in javascript, php, htaccess or apache ?
I am not sure what you mean, you are visiting a page of url xxx.xyn.com, and it fetches XHR data from xyn.com right?
In that case you will need to add the Access-Control-Allow-Origin header in the response from xyn.com. For more information, see the link above.
It should not send the request to main site, cause it works in curent site context. Did you check what exectely in "url" variable? Maybe there is a main site url?
I solved my problem with this method and adding the following code to .htaccess.
I wanted all subdomains to have access.
<ifmodule mod_headers.c="">
SetEnvIf Origin "^(.*\.domain\.com)$" ORIGIN_SUB_DOMAIN=$1
Header set Access-Control-Allow-Origin "%{ORIGIN_SUB_DOMAIN}e" env=ORIGIN_SUB_DOMAIN
Header set Access-Control-Allow-Methods: "*"
Header set Access-Control-Allow-Headers: "Origin, X-Requested-With, Content-Type, Accept, Authorization"
</ifmodule>
I had some problems to set a correct cors header for using external resource in my wordpress installation. I have a subdomain which exposed by another domian name.
I've got following error by using some plugin which load resources from my website by using an ajax call:
XMLHttpRequest cannot load [resource-URL] No 'Access-Control-Allow-Origin' header
I created a .htaccess file in the root directory of my subdomain.The file content is:
Header set Access-Control-Allow-Origin "sub.site.com"
I read in many blogs that you should use
Header set Access-Control-Allow-Origin "*"
but i guess that is a bad idea.
So I have my ckeditor working nicely together with the uploader of the fckeditor.
But only on localhost.
When uploaded to my server, the file manager uploads the Photo to the designated folder, but doesn't seem to get the url back for implementing it in the editor. I then always get the error of "image source url is missing".
Can anyone tell me what I am missing here ?
How come it works on localhost and doesn't on the server ?
I do think I changed all the appropriate paths.
Cheers
Chris
I found the solution of this error in CKEditor when you upload image file. This problem is due CKEDITOR open dialog in a frame so ; for solving this error check the "X-FRAME-OPTION" in you htaccess and set the value to SAMEORIGIN instead of DENY. If it's not in your htaccess it's when you send http header in your app.
For PHP before send content just set header like this :
header('X-FRAME-OPTION : SAMEORIGIN');
For more information about X-FRAME-OPTION check this link https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options.
Best regards
in my case (in .htaccess) it was obligatory to unset the header value first which was added by (I suppose) server:
<ifModule mod_headers.c>
Header unset X-Frame-Options
Header set X-Frame-Options SAMEORIGIN
</ifModule>
I want to configure Apache to allow XMLHttpRequests from multiple, but not all domains.
This works:
Header set Access-Control-Allow-Origin "*"
But it's unsafe, I want to allow domains specified by me, so after a bit of googling I got to this:
Header set Access-Control-Allow-Origin "http://domain1.example http://domain2.example"
But this only picks up first domain, the second is not allowed. How to properly specify multiple domains?
you can use SetEnvIf in your .htaccess file or in in vhost file (inside "Directory" group):
<IfModule mod_headers.c>
SetEnvIfNoCase Origin "https?://(www\.)?(mydomain\.example|mydomain2\.example)(:\d+)?$" AccessControlAllowOrigin=$0
Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
</IfModule>
With this code you can allow access from
mydomain.example and mydomain2.example
with or without "www." in front
with or without port number
HTTP or HTTPS
You can add multiple domains separated with | or you can use regexp to configure different subdomains or patterns.