Plesk Question posted in
The official documentation for Plesk Obsidian can be found here.

Access-Control-Allow-Origin header Missing – Plesk

I have included this javascript on other domains:

var id = "<?php echo check_input($_GET['token']); ?>";
    var querystring = "";
    var lockerurl = "https://www.example.com/contentlocker/getlocker.php?" + 'id=' + encodeURIComponent(id) + '&r=' + encodeURIComponent(referrer) + querystring;


    var iframecontents;
    var old_display;

    function optionstoquery(options) {

        var query = "";

        if (options.mt) query += "&mt=" + encodeURIComponent(options.mt);
        if (options.dt) query += "&dt=" + encodeURIComponent(options.dt);
        if (options.dd) query += "&dd=" + encodeURIComponent(options.dd);
        if (options.md) query += "&md=" + encodeURIComponent(options.md);

        return query;

    }

    function og_load(options) {

        if (options) lockerurl += optionstoquery(options);

                        //preload
            var xhr = new XMLHttpRequest();
            xhr.open('GET', lockerurl, true);
            xhr.onreadystatechange = function() {
                if (this.readyState!==4) return;
                if (this.status!==200) {
                    iframecontents = false;
                    return;
                }

                iframecontents = this.responseText;
            };
            xhr.send();

            ogEditBody();
                }

Console it show me:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading
the remote resource at
https://www.example.com/contentlocker/getlocker.php?id=3e066b64a78214a17620b5521b6d3ec4&r=aHR0cDovL2NwYWh1Yi51cy9yb29zdGVyMi5odG1s.
(Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

getlocker.php contains some php and html code!

I using Plesk as webserver and I have tried by adding in getlocker.php:

header('Access-Control-Allow-Origin: *');

But still not working!

Tags:

3

Answers


  1. 0

    The CORS header has to be sent in the main page request so if you just set it when you send an embedded scrip that is not enough.

    Login or Signup to reply.
  2. 0

    Is this the first line in your PHP file?

    header("Access-Control-Allow-Origin: *");

    Also, try sending crossDomain: true in your AJAX call or HTTPRequest.

    Login or Signup to reply.
  3. 0

    From the server side, on Linux server, you can set up the required header in web server configuration:

    For source domain example.com in Plesk go to Domains > example.com > Apache and nginx settings and add the following directives in Additional directives for HTTP and Additional directives for HTTPS:

    Header set Access-Control-Allow-Origin "*"

    Alternatively, in this case, .htaccess file with the following content can be used:

    <IfModule mod_headers.c>p
Header always set Access-Control-Allow-Origin "*"
</IfModule>

    If Nginx is enabled and static content needed to be displayed, use the following directive in Additional nginx directives field without Apache directives:

    add_header Access-Control-Allow-Origin "*";
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search