I've looked at so many StackOverflow questions about the 'Access-Control-Allow-Origin' problem that occurs when requesting 'GET' in AJAX.
I'm deployed a simple static application to Heroku by creating a simple PHP script to serve up the HTML file (<?php include_once("home.html"); ?>).
<?php header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Credentials: true ");
header("Access-Control-Allow-Methods: OPTIONS, GET, POST");
header("Access-Control-Allow-Headers: Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control");
include_once("home.html"); ?>
is just a static html file. js file:
$.ajax({ url: 'http://example.com',
type: 'GET',
crossDomain: true,
success: function(res) {
console.log("hello");
}
})
My site pulls images using AJAX. I've tried everything I can to make my site allow CORS but nothing will work. I have tried changing my headers like so header("Access-Control-Allow-Origin: *"); and even tried editing my .htaccess file.
I'm stuck. I would appreciate some help.
You cannot use credentials and * at the same time. If you want to use credentials in the request, you will need to explicitly list the requesting origin on the server. E.g., Access-Control-Allow-Origin: example.com.