Chrome is throwing an error
Access to XMLHttpRequest at 'https://codingcollections.com/system/latin-sindhi/addDownload.php' from origin 'https://fahadmaqsood.github.io' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
While on the Edge, It says:
HTTP403: FORBIDDEN - The server understood the request, but is refusing to fulfil it. (XHR)OPTIONS - https://codingcollections.com/system/latin-sindhi/addDownload.php
I browsed questions similar to this, on this website. I found out that adding "header("access-control-allow-origin: *");" in PHP would solve the issue. But in my case, it hasn't.
When I open that URL on the browser, I can see this: [Screenshot] access-control-allow-origin header is present
But through XMLHttpRequest, it isn't working (Header is not present). You can see the error on my website here: https://fahadmaqsood.github.io/latin-sindhi/download/windows.html or you can look at this screenshot: [Screenshot] access-control-allow-origin header is not present
Code on the server:
<?php
header("access-control-allow-origin: *");
$path = $_SERVER['DOCUMENT_ROOT'] . '/system/latin-sindhi/downloads.txt';
$content = file_get_contents($path);
$downloads = ((int) $content) + 1;
$file = fopen($path,'w');
fwrite($file, $downloads);
fclose($file);
echo '{
downloads: '.$downloads.'
}';
code on the client:
var request = new XMLHttpRequest()
// Open a new connection, using the GET request on the URL endpoint
request.open('GET', '//codingcollections.com/system/latin-sindhi/addDownload.php', true);
request.onload = function() {
// Begin accessing JSON data here
var data = JSON.parse(this.response)
if (request.status >= 200 && request.status < 400) {
console.log(data);
} else {
console.log('error')
}
}
// Send request
request.setRequestHeader("access-control-allow-origin", "*");
request.send()
I have tried all this before:
header('content-type: application/json; charset=utf-8');
header("access-control-allow-origin: *");
header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
header("Access-Control-Expose-Headers: Content-Length, X-JSON");
// Access-Control headers are received during OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
header("Access-Control-Allow-Headers: *");
}