allow cross origin
Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: <origin>
Access-Control-Allow-Origin: null
allow cross origin
Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: <origin>
Access-Control-Allow-Origin: null
cross origin even with allow header
header('Access-Control-Allow-Origin: http://localhost:8100');
header ("Access-Control-Expose-Headers: Content-Length, X-JSON");
header ("Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS");
header ("Access-Control-Allow-Headers: Content-Type, Authorization, Accept, Accept-Language, X-Authorization");
header('Access-Control-Max-Age: 86400');
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
// The request is using the POST method
header("HTTP/1.1 200 OK");
return;
}
Access to XMLHttpRequest at 'http://localhost/MySQL_pracs/InsertUser.php' from origin 'http://localhost:4200' has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.
//Access to XMLHttpRequest at 'http://localhost/[api path].php' from origin 'http://localhost:4200' has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.
//The error is simply saying that "Content-Type" is missing from "Access-Control-Allow-Headers".
//Therefore we need to add "Content-Type" to "Access-Control-Allow-Headers".
<?php
header('Access-Control-Allow-Headers: Content-Type');
-----
?>
what is CORS
Use CORS to allow cross-origin access.
CORS is a part of HTTP that lets servers specify any other hosts
from which a browser should permit loading of content.
How to block cross-origin access
To prevent cross-origin writes,
check an unguessable token in the request — known as a Cross-Site Request Forgery (CSRF) token.
prevent cross-origin reads of pages that require this token.
To prevent cross-origin reads of a resource,
ensure that it is not embeddable.
prevent embedding because embedding a resource always leaks some information about it.
To prevent cross-origin embeds,
ensure that your resource cannot be interpreted
Browsers may not respect the Content-Type header.
For example, if you point a <script> tag at an HTML document, the browser will try to parse the HTML as JavaScript. When your resource is not an entry point to your site, you can also use a CSRF token to prevent embedding.
Copyright © 2021 Codeinu
Forgot your account's password or having trouble logging into your Account? Don't worry, we'll help you to get back your account. Enter your email address and we'll send you a recovery link to reset your password. If you are experiencing problems resetting your password contact us