How do I use Access-Control-Allow-Origin Does it just go in between the html head tags

Question

I ve been reading about Access-Control-Allow-Origin because it seems effective at allowing cross domain requests since I have access to the external site   My question ism how do I use Access-Control-Allow-Origin to allow cross domain requests   I tried this  don t laugh   by the way all I want is for a single number  1 or 0 to be returned    lt html gt   lt head gt  Access-Control-Allow-Origin     lt  head gt   lt body gt  1  lt  body gt   lt  html gt    Am I close   Thanks for your help   If there is an easier way to do a simple cross-domain request let me know

User · Answer

If you use Java and spring MVC you just need to add the following annotation to your method returning your page :

@CrossOrigin(origins = "*")

"*" is to allow your page to be accessible from anywhere. See https://developer.mozilla.org/fr/docs/Web/HTTP/Headers/Access-Control-Allow-Origin for more details about that.

User · Answer

lt  php header  Access-Control-Allow-Origin  http   example com      gt    This command disables only first console warning info  console  Result  console result

User · Answer

That is an HTTP header  You would configure your webserver or webapp to send this header ideally  Perhaps in htaccess or PHP   Alternatively you might be able to use   lt head gt     lt meta http-equiv  Access-Control-Allow-Origin  content     gt     lt  head gt    I do not know if that would work  Not all HTTP headers can be configured directly in the HTML   This works as an alternative to many HTTP headers  but see  EricLaw s comment below  This particular header is different   Caveat  This answer is strictly about how to set headers  I do not know anything about allowing cross domain requests   About HTTP Headers  Every request and response has headers  The browser sends this to the webserver  GET  index htm HTTP 1 1   Then the headers  Host  www example com User-Agent   Browser OS name and version information     Additional headers indicating supported compression types and content types and other info   Then the server sends a response  Content-type  text html Content-length   number of bytes in file  optional   Date   server clock  Server   Webserver name and version information    Additional headers can be configured for example Cache-Control  it all depends on your language  PHP  CGI  Java  htaccess  and webserver  Apache  etc

User · Answer

There are 3 ways to allow cross domain origin  excluding jsonp    1  Set the header in the page directly using a templating language like PHP  Keep in mind there can be no HTML before your header or it will fail     lt  php header  Access-Control-Allow-Origin  http   example com      gt    2  Modify the server configuration file  apache conf  and add this line  Note that     represents allow all  Some systems might also need the credential set  In general allow all access is a security risk and should be avoided   Header set Access-Control-Allow-Origin     Header set Access-Control-Allow-Credentials true   3  To allow multiple domains on Apache web servers add the following to your config file   lt IfModule mod headers c gt      SetEnvIf Origin  http s      www     example org example com    AccessControlAllowOrigin  0 1     Header add Access-Control-Allow-Origin   AccessControlAllowOrigin e env AccessControlAllowOrigin     Header set Access-Control-Allow-Credentials true  lt  IfModule gt    4  For development use only hack your browser and allow unlimited CORS using the Chrome Allow-Control-Allow-Origin extension  5  Disable CORS in Chrome  Quit Chrome completely  Open a terminal and execute the following  Just be cautious you are disabling web security   open -a Google  Chrome --args --disable-web-security --user-data-dir

[html] How do I use Access-Control-Allow-Origin? Does it just go in between the html head tags?

Examples related to html

Examples related to cross-domain

Examples related to same-origin-policy

Examples related to access-control

Examples related to cors