Php – CORS policy: No ‘Access-Control-Allow-Origin’ for JSON files

corshttphttp-headersPHP

I kept a JSON files in Server A, ip : 111.111.111.111/folder1/a.json

From Server B [ ip : 444.444.444.444 ], I am trying to access that JSON file , I received the result below:

Access to XMLHttpRequest at 'http://111.111.111.111/a.json' from origin 'http://444.444.444.444' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I wrote the following code in 111.111.111.111/index.php , but I am receiving the same error:

<?php

Access-Control-Allow-Origin: "http://444.444.444.444"
Access-Control-Allow-Origin: *
Header set Access-Control-Allow-Origin: *

?>

Accessing JSON using below JavaScript code :

$.getJSON("http://111.111.111.111/folder1/a.json", (data) => {  }

Best Answer

Your Access-Control policy needs to be set on the same URL than the requested ressource.

What I mean is that if you're going to request access to /folder1/a.json, then the Access-Control headers needs to be set on the requests for this specific URL.

You could add these headers via your server (Apache / Nginx / ...) or create a php script like the one you made that sets those headers and returns the json file content (i.e. /folder1/a.json.php).

BTW your code isn't valid PHP, use the header(...) function.

You coud use a script like this:

<?php
    header('Access-Control-Allow-Origin: http://444.444.444.444/*');
    header('Content-Type: application/json; charset=utf-8');
    die(file_get_contents('a.json'));
?>

There are no proxied requests

Of this block:

location /ads {
    proxy_set_header 'Access-Control-Max-Age' 1728000;
    proxy_set_header 'Access-Control-Allow-Origin' '*';
    proxy_set_header 'Access-Control-Allow-Credentials' 'true';
    proxy_set_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    proxy_set_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
  try_files $uri $uri/ /index.php?$args;
}

The only directive that is doing anything is try_files - because there is no proxied request issued. proxy_pass_header only makes sense if proxy_pass is also used; but it would send the headers to the proxied server, not the client so is irrelevant for CORS.

Use add_header

The directive you're looking for is add_header - a valid example would be:

location /ads {
    add_header "Access-Control-Allow-Origin" "*";
    ...
    try_files $uri $uri/ /index.php?$args;
}

This adds the header to the response sent back to the client (browser).

Best Answer

Related Solutions

LiteSpeed enable Access-Control-Allow-Origin (no response header on CORS request)

Nginx Access Control Origin Header is configured but doesn’t work

There are no proxied requests

Use add_header

Related Topic