http.get request in agularJs controller works fine when my client app and api are in localhost. when api is moved to server., issue arised.

client side using angularJs

$http.get('http://domain.com/api/spots/2/0').success(function(datas){
console.log(datas);
});

log gives: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://domain.com/api/spots/2/0. This can be fixed by moving the resource to the same domain or enabling CORS.

i have added these two lines to my controller construct

header("Access-Control-Allow-Origin: *");

header("Access-Control-Allow-Methods: GET");

still same error.

Try adding OPTIONS to the allowed methods.

header("Access-Control-Allow-Methods: GET, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Content-Length, Accept-Encoding");

and return immediately when the request is method 'OPTIONS' once you have set the headers.

if ( "OPTIONS" === $_SERVER['REQUEST_METHOD'] ) {
    die();
}

See also this answer.

Angular sends a W3C CORS spec compliant preflight request that will check for the right allowed methods before actually attempting it.

Personally, I find the Mozilla Developer Network CORS page a bit easier to read on the matter to help understand the flow of CORS.

If anyone else is facing the issue, enabling CORS in rest.php file of Codeigniter REST Controller worked for me. This is also clearly documented in comments here https://github.com/chriskacerguis/codeigniter-restserver/blob/master/application/config/rest.php

//Change this to TRUE
$config['check_cors'] = TRUE;

//No change here
$config['allowed_cors_headers'] = [
  'Origin',
  'X-Requested-With',
  'Content-Type',
  'Accept',
  'Access-Control-Request-Method'
];

//No change here
$config['allowed_cors_methods'] = [
  'GET',
  'POST',
  'OPTIONS',
  'PUT',
  'PATCH',
  'DELETE'
];

//Set to TRUE to enable Cross-Origin Resource Sharing (CORS) from any source domain
$config['allow_any_cors_domain'] = TRUE;


//Used if $config['check_cors'] is set to TRUE and $config['allow_any_cors_domain'] is set to FALSE. 
//Set all the allowable domains within the array
//e.g. $config['allowed_origins'] =['http://www.example.com','https://spa.example.com']

$config['allowed_cors_origins'] = [];

Client side => AngularJs (running with Grunt in localhost:9000) Server side => php (codeIgniter solution) (running in localhost:80)

The only thing that worked for me was to add this lines into the webservices controller in my php project:

         /*
           here you do whatever you do to build the $data 

         */

        //but just before returning the method data add this

        header('Content-type: application/json');
        header("Access-Control-Allow-Origin: *");
        header("Access-Control-Allow-Methods: GET");
        header("Access-Control-Allow-Methods: GET, OPTIONS");
        header("Access-Control-Allow-Headers: Content-Type, Content-Length, Accept-Encoding");
        echo json_encode($data, JSON_NUMERIC_CHECK);

I've added the following constructor in my controller class

public function __construct($config = 'rest')
{
    header('Access-Control-Allow-Origin: *');
    header("Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE");
    parent::__construct();
}

if you can use jQuery Ajax, then use this line in your script.

jQuery.support.cors = true; // force cross-site scripting (as of jQuery 1.5)

it solved the problem for me when i tried to post some string using jQuery Ajax from sidebar desktop gadget to the xampp php file.