I've added everything to my Apache htaccess:
Header set Access-Control-Allow-Headers: X-Requested-With Header set Access-Control-Allow-Methods: OPTIONS Header add Access-Control-Allow-Methods: GET Header add Access-Control-Allow-Methods: POST Header add Access-Control-Allow-Headers: Content-Type Header add Access-Control-Allow-Headers: Depth Header add Access-Control-Allow-Headers: User-Agent Header add Access-Control-Allow-Headers: X-File-Size Header add Access-Control-Allow-Headers: X-Requested-With Header add Access-Control-Allow-Headers: If-Modified-Since Header add Access-Control-Allow-Headers: X-File-Name Header add Access-Control-Allow-Headers: Cache-Control Header set Access-Control-Allow-Origin: http://mysite.com Header add Access-Control-Allow-Origin: https://mysite.com Header set Access-Control-Allow-Credentials: true
I added this to my jquery $.ajax:
xhrFields: { withCredentials: true }
Absolutely nothing works.
I'm doing $.ajax with
type: 'POST', dataType: 'json'
I thought by setting all of those headers above, I could do json not jsonp (please no jsonp. anything but jsonp. i can't get success to fire. please.god.no)
I'm at my limits. I'm getting the good ole
XMLHttpRequest cannot load https://mysite.com/aDirectory/aSecureFile.php. Origin http://mysite.com is not allowed by Access-Control-Allow-Origin.
Please help. I'm dying here. I promise I've looked everywhere, oh, have I looked everywhere.
Many thanks in advance!
Clarity
My headers are all coming across. I can see them in my response headers, but I'm still getting the above error. Is the server blocking? The browser? Is there something special I have to do to do https? Is there another setting on Apache I have to set to allow CORS? Is my jQuery $.ajax correct? Aside from data and success and error (and the URL always being https), that's all I'm doing to the jQuery $.ajax.
Thanks again!
new
Cross Domain AJAX preflighting failing Origin check didn't help (I don't think). Added
Header set Access-Control-Allow-Headers: ORIGINS(adjusting for sets and adds). All response headers coming down the pipe.
newer
Added these
Header add Access-Control-Allow-Headers: Origin Header add Access-Control-Allow-Headers: Acceptstill nothing
REQUEST HEADERS
Do these help?
Accept:application/json, text/javascript, /; q=0.01 Content-Type:application/x-www-form-urlencoded; charset=UTF-8 Origin:http://mysite.com Referer:http://mysite.com/ User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
PHP
header("Access-Control-Allow-Origin: http://mysite.com"); header("Access-Control-Allow-Origin: https://mysite.com");
RESPONSE HEADERS CLARITY
The RESPONSE HEADERS are coming through on all normal requests not the cross domain https ajax.
Server
CentOS 5.8, Apache 2.2.2, PHP 5.3, cPanel, WHM
Fine, if PHP not executing
So, in my haste, I copied slashingweapon's cors.php directly without php tags. I made a test page with $.ajax using the settings above.
It worked (as in there were no errors when the ajax fired) complete with response headers. As soon as I added the tags to the PHP, the error happened. I checked to see if it was a directory issue, putting it in both root and a subdirectory, fine as long as PHP is not executing.
Does this mean anything to anyone?
Is there a PHP setting that needs to be flipped?
Thanks to all for grinding this out with me!
We have a heartbeat
It looks like multiple arguments in the htacess craps my server out. I reduced all those options above to this (which is fine for me, but I pity da fool who needs more):
<IfModule mod_headers.c>
<FilesMatch "\.(php)$">
Header set Access-Control-Allow-Origin: http://mysite.com
Header add Access-Control-Allow-Methods: POST
</FilesMatch>
</IfModule>
All I put in the PHP was
echo "this works at least":
And that came in the response. Once I figure out what's causing my PHP to fail, I'll post it.
Again, thanks all!
Zend Guard the problem?
Sooooooooo, sorry guys. Forgot to add that my site's running Zend Guard. Have a feeling that's causing it.