I recently switched my site to use HTTPS. I am using Laravel as a php framework. At the beginning I had an issue where I would get a 'Origin null is not allowed by Access-Control-Allow-Origin.' error, but then I had fixed that by using this in my filters.php:
App::before(function($request)
{
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
});
The is the ajax request:
$.ajax({
type: 'GET',
url: '/media/search/',
data: { 'q':search_string },
success: function(d) { }
});
Now instead of the Cross Origin error I am getting a redirect to my login page instead of the content that should be loaded. I think it has something to do with the CSRF token implementation that Laravel has, but I am not sure of the route I should take to either add that token to the request or how I could fix it. Anyone have any suggestions?
EDIT:
If I don't have those header functions in my filter.php I get this error:
XMLHttpRequest cannot load http://website.com/media/search?&q=500. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://website.com' is therefore not allowed access.
After this I had proceeded to use this call instead:
$.ajax({
type: 'GET',
url: 'https://website.com/media/search/',
data: { 'q':search_string },
success: function(d) { }
});
but still no luck
If it's related to CRSF you could remove AJAX from it:
Route::filter('csrf', function()
{
if (!Request::ajax() && Session::token() != Input::get('_token'))
{
throw new Illuminate\Session\TokenMismatchException;
}
});
adding !Request::ajax() rule at the beginning. You could also add _token to your data.
You should also look at your app/config/session.php file :
'secure' => false,
if it is set to true and you make AJAX request from http it might not work