Access-Control-Allow-Origin "*"

ClaudioSpcSpa · April 15, 2024, 12:02pm

Good day
I can’t get CORS redirects to work.
Can you help me, please.
Can you tell me in which files I should modify or add what, what lines I should modify or add for this to work.
has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
The system is developed with PHP, CSS, JS and JSON.

On another server without Hestia I was able to get it working, but I need to get it working with Hestia, I have modified apache.conf, nginx.conf, and syscon32.cl.conf and I can’t get it to work.

On my computer with Debian 12, it also works.

sahsanu · April 15, 2024, 1:28pm

Hi @ClaudioSpcSpa,

In the example I’ll use claudio as Hestia user , example.net as your domain and Access-Control-Allow-Origin: * as the header you want to add.

For Nginx:

cd /home/claudio/conf/web/example.net/
echo 'add_header Access-Control-Allow-Origin "*";' >> nginx.conf_headers
ln -s nginx.conf_headers nginx.ssl.conf_headers
systemctl reload nginx

For Apache2:

First check if module headers is enabled.

apache2ctl -M 2>/dev/null | grep headers || echo "You must enable module headers"

If you see the message You must enable module headers then do it…

a2enmod headers
systemctl restart apache2

Now add the header to .htaccess file:

cd /home/claudio/conf/web/example.net/public_html/
echo '<IfModule mod_headers.c>' >> .htaccess
echo '    Header set Access-Control-Allow-Origin "*"' >> .htaccess
echo '</IfModule>' >> .htaccess

Test again.

ClaudioSpcSpa · April 15, 2024, 3:34pm

Internal Server Error

Oops! Something went wrong.

The server encountered an internal error or misconfiguration and was unable to complete your request.

Error Code: 500

sahsanu · April 15, 2024, 3:37pm

If you don’t show the error in log I can’t help.

ClaudioSpcSpa · April 15, 2024, 3:57pm

First of all thank you
I already solved this error:
[Mon Apr 15 11:33:46.525537 2024] [core:alert] [pid 3013:tid 139891312654080] [client 186.79.172.16:0] /home/syscon32/web/syscon32.cl/public_html/.htaccess: w$.

Now it gives this error:
[Mon Apr 15 11:42:30.030564 2024] [proxy_fcgi:error] [pid 5725:tid 139735225829120] [client 186.79.172.16:0] AH01071: Got error ‘PHP message: PHP Notice: Undefined variable: _SESSION in /home/ syscon32/web/syscon32.cl/public_html/Views/Templates/footerAdmin.php on line 7’, referer: Error !!!

Also solved, I deleted $_SESSION from line 7 of footerAdmin.php.

In syscon32.cl.error.log, no more errors appear, but I still get the console message:

Access to XMLHttpRequest at ‘https://www.syscon32.cl/Usuarios/validar’ from origin ‘https://syscon32.cl’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
www.syscon32.cl/Usuarios/validar:1

    Failed to load resource: net::ERR_FAILED

sahsanu · April 15, 2024, 4:20pm

Did you execute exactly the commands I gave you?

I know nothing about your application but maybe you should do the request to https://syscon32.cl/Usuarios/validar instead of https://www.syscon32.cl/Usuarios/validar to avoid the redirection (it doesn’t provide the header) but syscon32.cl is providing the right header:

❯ curl -I https://syscon32.cl/Usuarios/validar
HTTP/2 200 
server: nginx
date: Mon, 15 Apr 2024 16:19:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=5kav5ub4cil9ott0ecj0qcqqde; path=/
access-control-allow-origin: *
strict-transport-security: max-age=31536000;

ClaudioSpcSpa · April 15, 2024, 4:37pm

Oh, okay,
I use a constant
const base_url = “https://syscon32.cl”;
And it stayed like that.

Run the App again.

This now appears in the console:
Uncaught SyntaxError: Unexpected token ‘A’, "Array
(
"…is not valid JSON
at JSON.parse ()
at http.onreadystatechange (login.js:22:26)

19 http.onreadystatechange = function () {
20 if (this.readyState == 4 && this.status == 200) {
21 // console.log(this.responseText);
22 const res = JSON.parse(this.responseText);
23 if (res == “ok”) {
window.location = base_url + “/Administration/home/”;
} else {
document.getElementById(“alert”).classList.remove(“d-none”);
document.getElementById(“alert”).innerHTML = res;
}
}

sahsanu · April 15, 2024, 4:40pm

I can’t help you with your code.

ClaudioSpcSpa · April 15, 2024, 4:43pm

Thank you, thank you very much anyway, I think you may have helped me in some way.