Access-Control-Allow-Origin: * not working?

The classic "Origin ... is not allowed by Access-Control-Allow-Origin" problem. Two machines serve content for the same website. When machine A executes $('#main').load('link_to_resource_on_B') through jQuery, machine B serves the contents using mod_python, adding the header Access-Control-Allow-Origin: *. But for some reason this still doesn't work. I tested this in Chrome, Safari, and Internet Explorer. I also checked the response header from the command line, and it seems that Access-Control-Allow-Origin: * is successfully in the header from B. See below. What can I skip?

    $ telnet localhost 80
    Trying ::1...
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    GET /tests/python/test/env HTTP/1.1
    host: 10.0.1.10

    HTTP/1.1 200 OK
    Date: Mon, 27 Feb 2012 02:05:33 GMT
    Server: Apache/2.2.20 (Ubuntu)
    Access-Control-Allow-Origin: *
    Vary: Accept-Encoding
    Transfer-Encoding: chunked
    Content-Type: text/html
1 answer

Setting the Access-Control-Allow-Origin header in the response is not enough. The server-side implementation should ensure that the pre-flight OPTIONS request is correctly processed. In particular, the following HTTP headers must be specified in the OPTIONS response:

    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: GET, POST

Other HTTP headers, such as Access-Control-Allow-Headers, may also be required in the OPTIONS response if your environment uses non-standard HTTP headers.

Keep in mind that the HTTP Access-Control-Allow-Origin: * header should also be specified in the following GET and POST responses.

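The preflight handling described in the answer above, as an added example that is not part of the original answer or the poster's mod_python code: a small WSGI wrapper that answers the OPTIONS preflight itself and adds the header to the GET/POST responses. The names `cors`, `resource` and `call`, the `X-Requested-With` header and the `a.example` origin are assumptions made for the illustration.

```python
# Added example: minimal WSGI CORS wrapper (not the poster's mod_python code).
ALLOW_ORIGIN = "*"                  # value used on the page
ALLOW_METHODS = "GET, POST"         # value used on the page
ALLOW_HEADERS = "X-Requested-With"  # assumption: one non-standard request header

def cors(app):
    """Wrap a WSGI app so preflights and actual responses carry CORS headers."""
    def wrapped(environ, start_response):
        is_preflight = (environ["REQUEST_METHOD"] == "OPTIONS"
                        and "HTTP_ACCESS_CONTROL_REQUEST_METHOD" in environ)
        if is_preflight:
            # Answer the preflight directly; the wrapped app never sees it.
            start_response("204 No Content", [
                ("Access-Control-Allow-Origin", ALLOW_ORIGIN),
                ("Access-Control-Allow-Methods", ALLOW_METHODS),
                ("Access-Control-Allow-Headers", ALLOW_HEADERS),
                ("Content-Length", "0"),
            ])
            return [b""]

        def add_header(status, headers, exc_info=None):
            # The actual GET/POST response needs the header as well.
            headers = [h for h in headers
                       if h[0].lower() != "access-control-allow-origin"]
            headers.append(("Access-Control-Allow-Origin", ALLOW_ORIGIN))
            return start_response(status, headers, exc_info)
        return app(environ, add_header)
    return wrapped

def resource(environ, start_response):
    """Constructed stand-in for the resource served by machine B."""
    start_response("200 OK", [("Content-Type", "text/html")])
    return [b"<p>hello from B</p>"]

def call(app, method, extra=None):
    """Drive a WSGI app in-process; returns (status, headers dict, body)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": "/tests/python/test/env"}
    environ.update(extra or {})
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body

if __name__ == "__main__":
    app = cors(resource)
    print(call(app, "OPTIONS", {"HTTP_ORIGIN": "http://a.example",
                                "HTTP_ACCESS_CONTROL_REQUEST_METHOD": "GET"}))
    print(call(app, "GET", {"HTTP_ORIGIN": "http://a.example"}))
```

Browsers do not accept the `*` wildcard for requests sent with credentials, so a service that relies on cookies or HTTP authentication has to return one explicit, allow-listed origin instead.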

Source: https://habr.com/ru/post/1398533/

