I am using CORS for cross-domain talk on my website. Although, the response header as shown in the pic, seems fine to me, yet, I am not receiving any response. Its still blank or returns with response. Can anyone predict the error in my approach, seeing the attached image ?
At server side, I am using this snippet
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Credentials: true ");
header("Access-Control-Allow-Methods: GET, POST");
header("Access-Control-Allow-Headers: Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control");
While at the client side , I have :-
function getXMLHTTPRequest() {
try {
req = new XMLHttpRequest();
} catch(err1) {
try {
req = new ActiveXObject("Msxml2.XMLHTTP");
} catch (err2) {
try {
req = new ActiveXObject("Microsoft.XMLHTTP");
} catch (err3) {
req = false;
}
}
}
return req;
}
var http899 = getXMLHTTPRequest();
http899.open("GET", modurl, true);
http899.setRequestHeader('Content-Type', 'text/html');
http899.onreadystatechange = useHttpResponse899;
http899.send(null);
Not necessarily a complete answer, but I think some browsers don’t accept multiple entries in the “Access-Control-Allow-Origin” header. I don’t know if Firefox is one of them.
Maybe try copying the request’s “Origin” header into the response’s “Access-Control-Allow-Origin” if it’s in the list of origins you want to accept?