Origin is not allowed by Access-Control-Allow-Origin
The response from the server is the following:
XMLHttpRequest cannot load http://nqatalog.negroesquisso.pt/login.php. Origin
http://localhost:8888is not allowed by Access-Control-Allow-Origin.
How can I fix this problem?
I wrote an article on this issue a while back, Cross Domain AJAX.
The easiest way to handle this if you have control of the responding server is to add a response header for:
This will allow cross-domain Ajax. In PHP, you’ll want to modify the response like so:
<?php header('Access-Control-Allow-Origin: *'); ?>
You can just put the
Header set Access-Control-Allow-Origin * setting in the Apache configuration or htaccess file.
It should be noted that this effectively disables CORS protection, which very likely exposes your users to attack. If you don’t know that you specifically need to use a wildcard, you should not use it, and instead you should whitelist your specific domain:
<?php header('Access-Control-Allow-Origin: http://example.com') ?>
If you’re using Apache just add:
<ifModule mod_headers.c> Header set Access-Control-Allow-Origin: * </ifModule>
in your configuration. This will cause all responses from your webserver to be accessible from any other site on the internet. If you intend to only allow services on your host to be used by a specific server you can replace the
* with the URL of the originating server:
Header set Access-Control-Allow-Origin: http://my.origin.host
<system.webServer> ... <httpProtocol> <customHeaders> <!-- Enable Cross Domain AJAX calls --> <remove name="Access-Control-Allow-Origin" /> <add name="Access-Control-Allow-Origin" value="*" /> </customHeaders> </httpProtocol> </system.webServer>