3
votes

I had this error

XMLHttpRequest cannot load http://domain.com/canvas/include/rs-plugin/js/extensions/revolution.extension.video.min.js. Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers in preflight response.

I have these 2 lines at the top of my php page that load this js file.

header("access-control-allow-origin: *");

But the issues persist, what should I do.

I am trying to access

domain.com  js file from subdomain.domain.com

This is my header response

access-control-allow-origin:* Connection:Keep-Alive

Content-Encoding:gzip Content-Length:4799 Content-Type:text/html

Date:Wed, 25 May 2016 06:28:04 GMT Keep-Alive:timeout=5, max=100

Server:Apache/2.4.7 (Ubuntu) Vary:Host,Accept-Encoding

X-Powered-By:PHP/5.5.9-1ubuntu4.14

1
Try header("access-control-allow-origin: *"); - Rayon
Both domains are in your control? - Ali
Try what @Rayon suggest, just note that it isn't always best practice allowing any origin. - Darren
Both are in my control, with root access, I updated my question with Rayon suggestion. 1 is sub.domain.com, another is domain.com, I trying load domain.com js files from subdomain.domain.com - Manga Black

1 Answers

1
votes

Try to add access controll on htaccess from origin domain.

<IfModule mod_headers.c>
   Header set Access-Control-Allow-Origin "*"
</IfModule>

Is not secure to allow access controll for the all sites. So replace the "*" sign with a specific domain