PHP header not working on IIS for Access-Control-Allow-Origin

Question

calebcook 0 Junior Poster in Training

10 Years Ago

I am using the jQuery File Upload plugin by Blueimp to upload images to a server. The problem is, the sending server is admin.example.com, and the receiving server where the images are stored is on www.example.com. Same domain, different subdomain.

I followed the instructions here on setting up cross-domain uploads, and everything seems to be correct as far as code, but when I try to upload the images, I get this error:

XMLHttpRequest cannot load http://www.example.com/upload/. Origin http://admin.example.com is not allowed by Access-Control-Allow-Origin.

The upload folder does have read and write permissions.

I'm going to post my code below-if anyone can show me how to fix this, please let me know. I had asked about this before and was going to try some other solutions (iframe uploads and ftp file moving). Neither of these will be best for my situation, and it would be easiest if I could just do it this way...

RECEIVING SERVER

index.php

<?php
    header('Access-Control-Allow-Origin: http://admin.example.com');  //I have also tried the * wildcard and get the same response
    header("Access-Control-Allow-Credentials: true");
    header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
    header('Access-Control-Max-Age: 1000');
    header('Access-Control-Allow-Headers: Content-Type, Content-Range, Content-Disposition, Content-Description');
?>
<?php

    error_reporting(E_ALL | E_STRICT);
    require('UploadHandler.php');
    $upload_handler = new UploadHandler();

SENDING SERVER

main.js

$(function () {
    'use strict';

    // Initialize the jQuery File Upload widget:
    $('#fileupload').fileupload({
        // Uncomment the following to send cross-domain cookies:
        xhrFields: {withCredentials: true},
        url: 'http://admin.example.com/upload/',
        disableImageResize: false,
        dropZone: $('#dropzone'),
        imageMaxWidth: 1800,
        imageMaxHeight: 1800,
    });
});

Again I've tried the iframe file upload, so please don't suggest it unless you can give me full working code...

I have also tried header('Access-Control-Allow-Origin: *'); but get the same error...I'm trying to get this finished by the weekend so I'd appreciate any help I can get. :)

Here's the response headers for the failed OPTIONS request. The code should work, but I'm not sure if there's something on the IIS server blocking it? I just got admin access to the server, so I'm still getting used to it...

Allow:OPTIONS, TRACE, GET, HEAD, POST
Content-Length:0
Date:Tue, 27 Aug 2013 15:08:29 GMT
Public:OPTIONS, TRACE, GET, HEAD, POST
Server:Microsoft-IIS/7.5
X-Powered-By:ASP.NET

ajax cross-domain iis jquery php upload

2 Contributors
4 Replies
2K Views
4 Days Discussion Span
Latest Post 10 Years Ago Latest Post by calebcook

All 4 Replies

LastMitch

10 Years Ago

Again I've tried the iframe file upload, so please don't suggest it unless you can give me full working code...

@calebcook

I don't need any code from you. The error you post gave me the answer to your question.

MLHttpRequest cannot load http://www.example.com/upload/. Origin http://admin.example.com is not allowed by Access-Control-Allow-Origin.

You need to understand about Access-Control-Allow-Origin

There can only be one Access-Control-Allow-Origin response header, and that header can only have one origin value.

Therefore, in order to get it to work, you need to have a code that can you get the origin request header and check the origin value once it's check and if it is valid, sets the Access-Control-Allow-Origin header with that value and that error will be remove.

I hope that make sense.

If not I will explain more.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

calebcook 0 Junior Poster in Training · Answer 1 · 2013-08-31T13:30:35+00:00

@LastMitch could you please post example code? I'm not understanding it completely...

LastMitch · Answer 2 · 2013-09-01T03:55:20+00:00

@LastMitch could you please post example code? I'm not understanding it completely...

@calebcook

There's no examples. This is your origin http://admin.example.com valve.

You can't used this http://www.example.com/upload/. to upload to stuff from there to here: http://admin.example.com

Does that make sense unless you move http://www.example.com/upload/ to this domain http://admin.example.com then the jquery will work as of now, NO.

There's no workaround for this.

calebcook 0 Junior Poster in Training · Answer 3 · 2013-09-01T15:37:31+00:00

ok...now I'm just uploading to the same domain, and using FTP to move the file to the other domain...that seems to work now. Thanks!

PHP header not working on IIS for Access-Control-Allow-Origin

Recommended Answers Collapse Answers

All 4 Replies

Recommended Answers