• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Access-Control-Allow-Origin header Missing

D

djchinezu2

New Pleskian
I have included this javascript on other domains:
PHP: 
var id = "<?php echo check_input($_GET['token']); ?>";
    var querystring = "";
    var lockerurl = "https:\/\/www.example.com\/contentlocker\/getlocker.php?" + 'id=' + encodeURIComponent(id) + '&r=' + encodeURIComponent(referrer) + querystring;


    var iframecontents;
    var old_display;

    function optionstoquery(options) {

        var query = "";

        if (options.mt) query += "&mt=" + encodeURIComponent(options.mt);
        if (options.dt) query += "&dt=" + encodeURIComponent(options.dt);
        if (options.dd) query += "&dd=" + encodeURIComponent(options.dd);
        if (options.md) query += "&md=" + encodeURIComponent(options.md);

        return query;

    }

    function og_load(options) {

        if (options) lockerurl += optionstoquery(options);

                        //preload
            var xhr = new XMLHttpRequest();
            xhr.open('GET', lockerurl, true);
            xhr.onreadystatechange = function() {
                if (this.readyState!==4) return;
                if (this.status!==200) {
                    iframecontents = false;
                    return;
                }

                iframecontents = this.responseText;
            };
            xhr.send();

            ogEditBody();
                }

In console of browser I have this error:

Code: 
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.example.com/contentlocker/getlocker.php?id=3e066b64a78214a17620b5521b6d3ec4&r=aHR0cDovL2NwYWh1Yi51cy9yb29zdGVyMi5odG1s. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

getlocker.php contains some php and html code!

I using

and I have tried by adding in getlocker.php:

Code: 
header('Access-Control-Allow-Origin: *');
But still not working!

Any idea? Thank you!
 
Try the following in a .htaccess file;

Code: 
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
 
You must log in or register to reply here.

Similar threads

V
Question Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Replies
17
Views
11K
brijeshgurung187@gmai
B
D
Input How to run Magento 2 on Plesk Obsidian 18 without Docker
Replies
7
Views
4K
grizlyadams
G
E
Question Additionals headers: Access-Control-Allow-Origin for 2 domains
Replies
0
Views
2K
Erwan
E
Z
Resolved AH00037: Symbolic link not allowed or link target not accessible
Replies
11
Views
7K
Bitpalast
Bitpalast
R
Question Missing Authorization Headers in FPM application served by Nginx
Replies
2
Views
6K
Kaspar
K
Back
Top