How do I use Access-Control-Allow-Origin Does it just go in between the html head tags

Question

I ve been reading about Access-Control-Allow-Origin because it seems effective at allowing cross domain requests since I have access to the external site   My question ism how do I use Access-Control-Allow-Origin to allow cross domain requests   I tried this  don t laugh   by the way all I want is for a single number  1 or 0 to be returned    lt html gt   lt head gt  Access-Control-Allow-Origin     lt  head gt   lt body gt  1  lt  body gt   lt  html gt    Am I close   Thanks for your help   If there is an easier way to do a simple cross-domain request let me know

User · Answer

There are 3 ways to allow cross domain origin (excluding jsonp):

1) Set the header in the page directly using a templating language like PHP. Keep in mind there can be no HTML before your header or it will fail.

 <?php header("Access-Control-Allow-Origin: http://example.com"); ?>

2) Modify the server configuration file (apache.conf) and add this line. Note that "*" represents allow all. Some systems might also need the credential set. In general allow all access is a security risk and should be avoided:

Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Credentials true

3) To allow multiple domains on Apache web servers add the following to your config file

<IfModule mod_headers.c>
    SetEnvIf Origin "http(s)?://(www\.)?(example.org|example.com)$" AccessControlAllowOrigin=$0$1
    Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
    Header set Access-Control-Allow-Credentials true
</IfModule>

4) For development use only hack your browser and allow unlimited CORS using the Chrome Allow-Control-Allow-Origin extension

5) Disable CORS in Chrome: Quit Chrome completely. Open a terminal and execute the following. Just be cautious you are disabling web security:

open -a Google\ Chrome --args --disable-web-security --user-data-dir

User · Answer

If you use Java and spring MVC you just need to add the following annotation to your method returning your page     CrossOrigin origins              is to allow your page to be accessible from anywhere  See https   developer mozilla org fr docs Web HTTP Headers Access-Control-Allow-Origin for more details about that

User · Answer

That is an HTTP header  You would configure your webserver or webapp to send this header ideally  Perhaps in htaccess or PHP   Alternatively you might be able to use   lt head gt     lt meta http-equiv  Access-Control-Allow-Origin  content     gt     lt  head gt    I do not know if that would work  Not all HTTP headers can be configured directly in the HTML   This works as an alternative to many HTTP headers  but see  EricLaw s comment below  This particular header is different   Caveat  This answer is strictly about how to set headers  I do not know anything about allowing cross domain requests   About HTTP Headers  Every request and response has headers  The browser sends this to the webserver  GET  index htm HTTP 1 1   Then the headers  Host  www example com User-Agent   Browser OS name and version information     Additional headers indicating supported compression types and content types and other info   Then the server sends a response  Content-type  text html Content-length   number of bytes in file  optional   Date   server clock  Server   Webserver name and version information    Additional headers can be configured for example Cache-Control  it all depends on your language  PHP  CGI  Java  htaccess  and webserver  Apache  etc

User · Answer

lt  php header  Access-Control-Allow-Origin  http   example com      gt    This command disables only first console warning info  console  Result  console result

[html] How do I use Access-Control-Allow-Origin? Does it just go in between the html head tags?

Examples related to html

Examples related to cross-domain

Examples related to same-origin-policy

Examples related to access-control

Examples related to cors