PHP:
<?php
header('Access-Control-Allow-Origin: *');
include_once("db_connect.php");
$username = '';
$video = '';
$rating ='';
if(isset($_GET["u"])){
$username = preg_replace('#[^a-z0-9]#i', '', $_GET['u']);
} else {
echo "No UserName";
}
if(isset($_GET["v"])){
$video= preg_replace('#[0-9]#i','',$_GET['v']);
} else {
echo "No Video ID";
}
...
?>
JavaScript:
function like(u,v) {
document.getElementById("rating").innerHTML="loading...";
var ajax = ajaxObj("POST","http://www.url.com/ratingphp.php");
ajax.onreadystatechange=function(){
if(ajaxReturn(ajax) === true){
document.getElementById("rating").innerHTML=ajax.responseText;
}
};
ajax.send("u="+u+"&v="+v+"&like");
}
function dislike(u,v) {
document.getElementById("rating").innerHTML="loading...";
var ajax = ajaxObj("POST","http://www.url.com/ratingphp.php");
ajax.onreadystatechange=function(){
if(ajaxReturn(ajax) === true){
document.getElementById("rating").innerHTML=ajax.responseText;
}
};
ajax.send("u="+u+"&v="+v+"&dislike");
}
function ajaxObj(meth,url){
var x= new XMLHttpRequest();
x.open(meth,url,true);
x.setRequestHeader("Content-type","application/x-www-form-urlencoded");
return x;
}
function ajaxReturn(x){
if(x.readyState == 4 && x.status == 200){
return true;
}
}
So as you can see I've allowed Access-Control-Allow-Origin in my PHP though I keep getting the error:
XMLHttpRequest cannot load http://www.url.com/ratingphp.php. Origin http://www.url2.com is not allowed by Access-Control-Allow-Origin. h37:1
Am I doing something wrong in my ajaxObj function with the setRequestHeader? First time doing a cross site php code. I'm just trying to figure out why my code is not executing correctly for the ACAO
just add this in PHP ..
header("Access-Control-Allow-Headers : Content-Type");
header("Access-Control-Allow-Methods : POST, OPTIONS");