Category Archives: allow-same-origin

POST method no ‘Access-Control-Allow-Origin’ header is present

I keep getting this error everytime I'm trying to run an AJAX script:

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin "website" is therefore not allowed access.

I understand after researching that this occurs because I'm trying to make a request to a different domain, and that I need to enable CORS and add the Header. I'm using Apache, so I did this in my .htaccess file.

<IfModule mod_headers.c>
    Header add Access-Control-Allow-Origin "*"
    Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
    Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

I'm pretty sure I added the correct headers, so I don't understand why I'm still getting the error. I also followed instructions from this site to allow my browser to make cross origin requests.

Ajax script:

            $("#phisherbutton").click(function() {
                    crossOrigin: true,
                    type: "POST",
                    proxy: "http://localhost/phishing/proxy.php",
                    url: "",
                    beforeSend: function(xhr) {
                        xhr.overrideMimeType("application/x-www-form-urlencoded; charset=UTF-8");
                    data: {abuseID: 76561198145750727, sessionid: getCookie("PHPSESSID"), ingameAppID: "", abuseType: "Suspected Hijacker", abuseDescription: "Phisher", json: 1},
                    success: function(response) {

CORS issue not solved in php header and .htaccess

My Web page is getting data from php as a JSON type through JQuery AJAX. When i was using this in localhost, mozilla firefox and chrome was good to receive the data. After that moved to hosting server. Now i am receiving the following error from mozilla firefox and chrome.

"Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at This can be fixed by moving the resource to the same domain or enabling CORS."

I have tried to put the following code in all .php files as a first line before any of the line getting printed.

header("Access-Control-Allow-Origin: *");

Added the following line in .htaccess

Header set Access-Control-Allow-Origin *

In addition to these header settings:

Header set Access-Control-Allow-Headers: *
Header set Access-Control-Allow-Methods: GET,POST,OPTIONS,DELETE,PUT

Noting is worked for me. Is there any problem in settings or. htaccess? Should i add any further settings in addition to the above headers?

jQuery Mobile CORS 405 error

I've read through SO and tried everything I could find online, but I'm still getting the following error when doing a jQM AJAX request for a different domain:

XMLHttpRequest cannot load http://a.b.c/search.php. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access. The response had HTTP status code 405.

jQM code is dead simple:

$( document ).on( "mobileinit", function() 
    $.support.cors = true;
    $.mobile.allowCrossDomainPages = true;

$(document).on('vclick', '#btnConfirmOrder', function(event)
    $.ajax({url: baseUrl + 'order.php',
        data: {"shoppingCart" : shoppingCart, "userId":1},
        type: 'post',          
        async: 'true',
        dataType: 'json',
        beforeSend: function() 
            $.mobile.loading('show', {theme:"a", text:"wait...", textonly:true, textVisible: true});
        complete: function() {

        success: function (result) 
        error: function(jqXHR, textStatus, errorThrown) 
            console.log("AJAX error: " + textStatus + ' : ' + errorThrown);

This is the nginx conf (also tried the one at

server {
    listen       80;
    server_name  a.b.c;
    root   /etc/nginx/html/ws2;

location / {

        index  index.html index.htm;

    add_header Access-Control-Allow-Origin: *;
        add_header Access-Control-Allow-Methods "GET,POST,OPTIONS";
    add_header Access-Control-Allow-Headers   Content-Type;
    add_header Access-Control-Max-Age         86400;

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;

location ~* \.(eot|ttf|woff)$ {
    add_header Access-Control-Allow-Origin *;