• PHP
  • Ruby on Rails
  • MySQL
  • Linux
    • SELINUX
    • Fedora
    • debian
  • Apache
  • nginx
  • AJAX
Albertech.net

PHP Script to fix AJAX Access-Control-Origin Errors

February 23, 2011 8:26 pm / Albertech.net

If you have an AJAX application that uses a PHP back-end app on a different server as your web front-end server (e.g. load balancing, cdn’s, etc), your PHP script will need to send header variables with the allowed content server name(s).

Web browsers are now following a standard for HTTP Access control to prevent client-side Cross Site scripting attacks.

I tested this with Firefox and it simply blocks the request without any error messages. Google Chrome browser will error out with the following message if the access control origin is not set correctly on your PHP script. (woot!)

“XMLHttpRequest cannot load [PHP URL].. Origin [JAVASCRIPT URL] is not allowed by Access-Control-Allow-Origin.”

For example, if the Javascript is hosted on example.com and your PHP app is on example.org.

Below is the PHP script for fixing this error. Replace example.com with your front-end server domain name.

if($_SERVER['HTTP_ORIGIN'] == "example.com")
{
header('Access-Control-Allow-Origin: http://example.com');
header('Content-type: application/xml');
}

This was an easy 5 minute fix once I found what was causing the problem. Sometimes its nice to have multiple browsers to troubleshoot AJAX issues.

UPDATE: I ran across some issues with Internet Explorer 8 with cross domain requests:
http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx

To fix the Internet Explorer compatibility issues, I recommend using jQuery for handling the browser requests. It will handle the various browser GET/POST methods automatically, including IE8, Firefox, Chrome, etc.
http://forum.jquery.com/topic/jquery-autocomplete-new-parameter-implemented-method-get-post

Share this:

  • Facebook
  • Google
  • Twitter
  • Print
  • Email
Posted in: AJAX, PHP / Tagged: AJAX, script, XSS

One Thought on “PHP Script to fix AJAX Access-Control-Origin Errors”

  1. Pingback: Al

Post Navigation

← Previous Post
Next Post →

Categories

  • AJAX
  • Android
  • Apache
  • Canon Cameras
  • Cloud
  • CMS
  • Computer Mods
  • Conferences
  • Deals
  • debian
  • Fedora
  • Flash
  • Frameworks
  • git
  • Hardware
  • HTML
  • IDE
  • iPhone
  • iPhone App Review
  • jQuery
  • Linux
  • Mac OS X
  • MySQL
  • nginx
  • PHP
  • portfolio
  • Puppet
  • Ruby on Rails
  • Script Reviews
  • SELINUX
  • Software
  • Software Review
  • SQL Server
  • statistics
  • Tech
  • Tomcat
  • Uncategorized
  • VMWARE
  • VPS
  • Windows
  • wordpress
  • Zend Framework

Blogroll

  • DragonAl Flickr
  • Dropbox – Free 2GB Account
  • James' Blog
  • Javascript Compressor
  • PHP Builder Community
  • PHP-Princess.net
  • Rubular – Regular Expression Validator
  • The Scale-Out Blog
  • Tiny MCE

Tags

activation AJAX android antec Apache AWS awstats canon coda codeigniter debian enclosure external free G1 install vmware tools Internet Explorer iphone 5 jquery Linux mx-1 MySQL office 2007 OSX photoshop PHP plugin plugins portfolio redesigned website review rewrite script security SELinux ssh tinymce tutorial upgrade VMWARE vmware server wordpress wordpress mu XSS zend framework
© Copyright 2013 Albertech.net
Infinity Theme by DesignCoral / WordPress
loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.