I'm having a strange problem that from one day to another my AJAX requests for a website not working anymore.
I'm now struggling to get it working and can't find the problem.
this is my javascript: basically it's realy simple, it retrieves the ip adres and then sends it (POST) to a site which stores it.
var xhr = new XMLHttpRequest();
xhr.open('GET', 'https://dashboard.inofec.nl/ip', true);
// If specified, responseType must be empty string or "text"
xhr.responseType = 'text';
xhr.onload = function () {
if (xhr.readyState === xhr.DONE) {
if (xhr.status === 200) {
// console.log('R = ' + xhr.response);
// console.log('RT= ' + xhr.responseText);
tip = xhr.responseText;
var formData = new FormData();
formData.append('ip', tip);
formData.append('uri', turl);
formData.append('id', dataId);
var request = new XMLHttpRequest();
request.open("POST", "https://dashboard.inofec.nl/visits");
request.send(formData);
// console.log('IP = ' + tip);
// console.log('URL = ' + turl);
console.log('ID = ' + dataId);
}
else {
console.log('ERROR !');
}
}
}
xhr.send(null);
on the server I have now added this to avoid using a wildcard
if (isset($_SERVER['HTTP_ORIGIN']) && $_SERVER['HTTP_ORIGIN'] != '') {
header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
header('Access-Control-Max-Age: 1000');
header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
}
When I used only
header('Access-Control-Allow-Origin: '); I got the error: Cross-Origin-request blocked: CORS-header ‘Access-Control-Allow-Origin’ does not match ‘, *’).
And with the new headers i get
CORS-header ‘Access-Control-Allow-Origin’ does not match ‘http://www.inofec.nl, *’).
But when I check the headers I see that it responds with the correct header.
Access-control-allow-headers
Content-Type, Authorization, X-Requested-With access-control-allow-methods
GET, PUT, POST, DELETE, OPTIONS access-control-allow-origin http://www.inofec.nl, *
