CORS with php headers

  1. Home
  2. javascript
  3. CORS with php headers

I have a simple PHP script that I am attempting a cross-domain CORS request:

header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Headers: *");

Yet I still get the error:

Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers

Anything I’m missing?

First answer

Access-Control-Allow-Headers does not allow * as accepted value, see the Mozilla Documentation here.

Instead of the asterisk, you should send the accepted headers (first X-Requested-With as the error says).

Second answer

I got the same error, and fixed it with the following PHP in my back-end script:

header('Access-Control-Allow-Origin: *');

header('Access-Control-Allow-Methods: GET, POST');

header("Access-Control-Allow-Headers: X-Requested-With");

Third answer

Many description internet-wide don’t mention that specifying Access-Control-Allow-Origin is not enough. Here is a complete example that works for me:

        header('Access-Control-Allow-Origin: *');
        header('Access-Control-Allow-Methods: POST, GET, DELETE, PUT, PATCH, OPTIONS');
        header('Access-Control-Allow-Headers: token, Content-Type');
        header('Access-Control-Max-Age: 1728000');
        header('Content-Length: 0');
        header('Content-Type: text/plain');

    header('Access-Control-Allow-Origin: *');
    header('Content-Type: application/json');

    $ret = [
        'result' => 'OK',
    print json_encode($ret);
Spread the love

Related articles

Comments are closed.