Cannot display values cause of CORS policy












0















I have a Invision Community forum running on v4.3.6, with two themes.
I am working on a newer one, and I want to display online/total members given by a json db.



To do this, I made this script that works only on a old theme:



<p style="margin: 0;">

    Online <img alt="on.svg" src="https://www.xxxxxx.xxxxx/forum/uploads/on.svg" style="width:8px; margin: 0 0 3px 0;"><span id="d-online"></span> | Membri &icirc;n total <img alt="total.svg" src="https://www.xxxxxx.xxxxxx/forum/uploads/total.svg" style="width: 8px; margin: 0 0 3px 0;"><span id="d-total"></span>

</p>

<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script><script type="text/javascript">

$(document).ready(function(){

  $.getJSON('https://XXXXXXXXXX.xyz/morpheus/db.json', function(jd) {

    $('#d-online').append("&nbsp;", jd.online);

    $('#d-total').append("&nbsp;", jd.total);

 });

});

</script>


That should give me this:
https://i.imgur.com/I4FdhSN.png



On the newer theme that I'm working on, chrome outputs this error in console:
https://i.imgur.com/n3AL86E.png



I tried



Making a .htaccess file in the root folder of the website, with these rules



Header add Access-Control-Allow-Origin "*"

Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"

Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"


But it didn't work at all, the error still shows up.

Instead of *on the Access-Control-Allow-Origin field, I tried to put the website that hosts that db.json as origin, but it didn't work.

So I tried putting the htaccess file inside /forum/ folder, where the forum is located, but nothing.



I tried following the steps on this website, but nothing, javascript nor php didn't work.



Error:



Access to XMLHttpRequest at 'https://xxxxxxxxxx.xyz/morpheus/db.json?csrfKey=3e4139dc5b1b138ab0bcbdf7d20e4735' from origin 'https://www.xxxxxxxxxx.ro' has been blocked by CORS policy: Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers in preflight response.


Here are some screenshots of the db.json headers in the chrome console:
https://i.imgur.com/HMbeRV1.png
https://i.imgur.com/xCoDT6R.png



How can I fix this?






javascript apache .htaccess cors







share|improve this question

























  • Inspect the network traffic in your browser's Network console. Have a look at the request and response headers for the OPTIONS request. Post screenshots if you can

    – Phil
    Nov 25 '18 at 23:01











  • Done, I added some screenshots; are those the correct one?

    – slash
    Nov 25 '18 at 23:12











  • Yep, that's what I was after. Have you made sure the Apache headers module is installed and enabled? Perhaps try using Header always set ... instead of Header add

    – Phil
    Nov 25 '18 at 23:17











  • Header always set doesn't work. I don't know if the Apache headers module is installed and enabled, but I assume yes because on the other theme that script works perfectly. Also I don't have ssh access because my webhost doesn't provide me that, so I can't check if the modules are enabled...

    – slash
    Nov 25 '18 at 23:22






  • 1





    You also need to make Apache handle OPTIONS requests in the right way. See the answer at stackoverflow.com/questions/42558221/… and see benjaminhorn.io/code/… for a more extensive how-to.

    – sideshowbarker
    Nov 25 '18 at 23:24
















0















I have a Invision Community forum running on v4.3.6, with two themes.
I am working on a newer one, and I want to display online/total members given by a json db.



To do this, I made this script that works only on a old theme:



<p style="margin: 0;">

    Online <img alt="on.svg" src="https://www.xxxxxx.xxxxx/forum/uploads/on.svg" style="width:8px; margin: 0 0 3px 0;"><span id="d-online"></span> | Membri &icirc;n total <img alt="total.svg" src="https://www.xxxxxx.xxxxxx/forum/uploads/total.svg" style="width: 8px; margin: 0 0 3px 0;"><span id="d-total"></span>

</p>

<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script><script type="text/javascript">

$(document).ready(function(){

  $.getJSON('https://XXXXXXXXXX.xyz/morpheus/db.json', function(jd) {

    $('#d-online').append("&nbsp;", jd.online);

    $('#d-total').append("&nbsp;", jd.total);

 });

});

</script>


That should give me this:
https://i.imgur.com/I4FdhSN.png



On the newer theme that I'm working on, chrome outputs this error in console:
https://i.imgur.com/n3AL86E.png



I tried



Making a .htaccess file in the root folder of the website, with these rules



Header add Access-Control-Allow-Origin "*"

Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"

Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"


But it didn't work at all, the error still shows up.

Instead of *on the Access-Control-Allow-Origin field, I tried to put the website that hosts that db.json as origin, but it didn't work.

So I tried putting the htaccess file inside /forum/ folder, where the forum is located, but nothing.



I tried following the steps on this website, but nothing, javascript nor php didn't work.



Error:



Access to XMLHttpRequest at 'https://xxxxxxxxxx.xyz/morpheus/db.json?csrfKey=3e4139dc5b1b138ab0bcbdf7d20e4735' from origin 'https://www.xxxxxxxxxx.ro' has been blocked by CORS policy: Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers in preflight response.


Here are some screenshots of the db.json headers in the chrome console:
https://i.imgur.com/HMbeRV1.png
https://i.imgur.com/xCoDT6R.png



How can I fix this?






javascript apache .htaccess cors







share|improve this question

























  • Inspect the network traffic in your browser's Network console. Have a look at the request and response headers for the OPTIONS request. Post screenshots if you can

    – Phil
    Nov 25 '18 at 23:01











  • Done, I added some screenshots; are those the correct one?

    – slash
    Nov 25 '18 at 23:12











  • Yep, that's what I was after. Have you made sure the Apache headers module is installed and enabled? Perhaps try using Header always set ... instead of Header add

    – Phil
    Nov 25 '18 at 23:17











  • Header always set doesn't work. I don't know if the Apache headers module is installed and enabled, but I assume yes because on the other theme that script works perfectly. Also I don't have ssh access because my webhost doesn't provide me that, so I can't check if the modules are enabled...

    – slash
    Nov 25 '18 at 23:22






  • 1





    You also need to make Apache handle OPTIONS requests in the right way. See the answer at stackoverflow.com/questions/42558221/… and see benjaminhorn.io/code/… for a more extensive how-to.

    – sideshowbarker
    Nov 25 '18 at 23:24














0












0








0


0






I have a Invision Community forum running on v4.3.6, with two themes.
I am working on a newer one, and I want to display online/total members given by a json db.



To do this, I made this script that works only on a old theme:



<p style="margin: 0;">

    Online <img alt="on.svg" src="https://www.xxxxxx.xxxxx/forum/uploads/on.svg" style="width:8px; margin: 0 0 3px 0;"><span id="d-online"></span> | Membri &icirc;n total <img alt="total.svg" src="https://www.xxxxxx.xxxxxx/forum/uploads/total.svg" style="width: 8px; margin: 0 0 3px 0;"><span id="d-total"></span>

</p>

<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script><script type="text/javascript">

$(document).ready(function(){

  $.getJSON('https://XXXXXXXXXX.xyz/morpheus/db.json', function(jd) {

    $('#d-online').append("&nbsp;", jd.online);

    $('#d-total').append("&nbsp;", jd.total);

 });

});

</script>


That should give me this:
https://i.imgur.com/I4FdhSN.png



On the newer theme that I'm working on, chrome outputs this error in console:
https://i.imgur.com/n3AL86E.png



I tried



Making a .htaccess file in the root folder of the website, with these rules



Header add Access-Control-Allow-Origin "*"

Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"

Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"


But it didn't work at all, the error still shows up.

Instead of *on the Access-Control-Allow-Origin field, I tried to put the website that hosts that db.json as origin, but it didn't work.

So I tried putting the htaccess file inside /forum/ folder, where the forum is located, but nothing.



I tried following the steps on this website, but nothing, javascript nor php didn't work.



Error:



Access to XMLHttpRequest at 'https://xxxxxxxxxx.xyz/morpheus/db.json?csrfKey=3e4139dc5b1b138ab0bcbdf7d20e4735' from origin 'https://www.xxxxxxxxxx.ro' has been blocked by CORS policy: Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers in preflight response.


Here are some screenshots of the db.json headers in the chrome console:
https://i.imgur.com/HMbeRV1.png
https://i.imgur.com/xCoDT6R.png



How can I fix this?






javascript apache .htaccess cors







share|improve this question
















I have a Invision Community forum running on v4.3.6, with two themes.
I am working on a newer one, and I want to display online/total members given by a json db.



To do this, I made this script that works only on a old theme:



<p style="margin: 0;">

    Online <img alt="on.svg" src="https://www.xxxxxx.xxxxx/forum/uploads/on.svg" style="width:8px; margin: 0 0 3px 0;"><span id="d-online"></span> | Membri &icirc;n total <img alt="total.svg" src="https://www.xxxxxx.xxxxxx/forum/uploads/total.svg" style="width: 8px; margin: 0 0 3px 0;"><span id="d-total"></span>

</p>

<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script><script type="text/javascript">

$(document).ready(function(){

  $.getJSON('https://XXXXXXXXXX.xyz/morpheus/db.json', function(jd) {

    $('#d-online').append("&nbsp;", jd.online);

    $('#d-total').append("&nbsp;", jd.total);

 });

});

</script>


That should give me this:
https://i.imgur.com/I4FdhSN.png



On the newer theme that I'm working on, chrome outputs this error in console:
https://i.imgur.com/n3AL86E.png



I tried



Making a .htaccess file in the root folder of the website, with these rules



Header add Access-Control-Allow-Origin "*"

Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"

Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"


But it didn't work at all, the error still shows up.

Instead of *on the Access-Control-Allow-Origin field, I tried to put the website that hosts that db.json as origin, but it didn't work.

So I tried putting the htaccess file inside /forum/ folder, where the forum is located, but nothing.



I tried following the steps on this website, but nothing, javascript nor php didn't work.



Error:



Access to XMLHttpRequest at 'https://xxxxxxxxxx.xyz/morpheus/db.json?csrfKey=3e4139dc5b1b138ab0bcbdf7d20e4735' from origin 'https://www.xxxxxxxxxx.ro' has been blocked by CORS policy: Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers in preflight response.


Here are some screenshots of the db.json headers in the chrome console:
https://i.imgur.com/HMbeRV1.png
https://i.imgur.com/xCoDT6R.png



How can I fix this?






javascript apache .htaccess cors




javascript apache .htaccess cors






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 25 '18 at 23:11







slash

















asked Nov 25 '18 at 22:55









slashslash

63




63













  • Inspect the network traffic in your browser's Network console. Have a look at the request and response headers for the OPTIONS request. Post screenshots if you can

    – Phil
    Nov 25 '18 at 23:01











  • Done, I added some screenshots; are those the correct one?

    – slash
    Nov 25 '18 at 23:12











  • Yep, that's what I was after. Have you made sure the Apache headers module is installed and enabled? Perhaps try using Header always set ... instead of Header add

    – Phil
    Nov 25 '18 at 23:17











  • Header always set doesn't work. I don't know if the Apache headers module is installed and enabled, but I assume yes because on the other theme that script works perfectly. Also I don't have ssh access because my webhost doesn't provide me that, so I can't check if the modules are enabled...

    – slash
    Nov 25 '18 at 23:22






  • 1





    You also need to make Apache handle OPTIONS requests in the right way. See the answer at stackoverflow.com/questions/42558221/… and see benjaminhorn.io/code/… for a more extensive how-to.

    – sideshowbarker
    Nov 25 '18 at 23:24



















  • Inspect the network traffic in your browser's Network console. Have a look at the request and response headers for the OPTIONS request. Post screenshots if you can

    – Phil
    Nov 25 '18 at 23:01











  • Done, I added some screenshots; are those the correct one?

    – slash
    Nov 25 '18 at 23:12











  • Yep, that's what I was after. Have you made sure the Apache headers module is installed and enabled? Perhaps try using Header always set ... instead of Header add

    – Phil
    Nov 25 '18 at 23:17











  • Header always set doesn't work. I don't know if the Apache headers module is installed and enabled, but I assume yes because on the other theme that script works perfectly. Also I don't have ssh access because my webhost doesn't provide me that, so I can't check if the modules are enabled...

    – slash
    Nov 25 '18 at 23:22






  • 1





    You also need to make Apache handle OPTIONS requests in the right way. See the answer at stackoverflow.com/questions/42558221/… and see benjaminhorn.io/code/… for a more extensive how-to.

    – sideshowbarker
    Nov 25 '18 at 23:24

















Inspect the network traffic in your browser's Network console. Have a look at the request and response headers for the OPTIONS request. Post screenshots if you can

– Phil
Nov 25 '18 at 23:01





Inspect the network traffic in your browser's Network console. Have a look at the request and response headers for the OPTIONS request. Post screenshots if you can

– Phil
Nov 25 '18 at 23:01













Done, I added some screenshots; are those the correct one?

– slash
Nov 25 '18 at 23:12





Done, I added some screenshots; are those the correct one?

– slash
Nov 25 '18 at 23:12













Yep, that's what I was after. Have you made sure the Apache headers module is installed and enabled? Perhaps try using Header always set ... instead of Header add

– Phil
Nov 25 '18 at 23:17





Yep, that's what I was after. Have you made sure the Apache headers module is installed and enabled? Perhaps try using Header always set ... instead of Header add

– Phil
Nov 25 '18 at 23:17













Header always set doesn't work. I don't know if the Apache headers module is installed and enabled, but I assume yes because on the other theme that script works perfectly. Also I don't have ssh access because my webhost doesn't provide me that, so I can't check if the modules are enabled...

– slash
Nov 25 '18 at 23:22





Header always set doesn't work. I don't know if the Apache headers module is installed and enabled, but I assume yes because on the other theme that script works perfectly. Also I don't have ssh access because my webhost doesn't provide me that, so I can't check if the modules are enabled...

– slash
Nov 25 '18 at 23:22




1




1





You also need to make Apache handle OPTIONS requests in the right way. See the answer at stackoverflow.com/questions/42558221/… and see benjaminhorn.io/code/… for a more extensive how-to.

– sideshowbarker
Nov 25 '18 at 23:24





You also need to make Apache handle OPTIONS requests in the right way. See the answer at stackoverflow.com/questions/42558221/… and see benjaminhorn.io/code/… for a more extensive how-to.

– sideshowbarker
Nov 25 '18 at 23:24












1 Answer
1






active

oldest

votes


















-1














To troubleshoot things like this I like to use two separate tools:





  • Fiddler: a browser routing tracer for all your network and CORS checking needs.


  • PostMan: A simple way to configure necessary headers and authentication configuration to ensure that you have all the proper parameters to access the necessary data.






share|improve this answer























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53472829%2fcannot-display-values-cause-of-cors-policy%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    -1














    To troubleshoot things like this I like to use two separate tools:





    • Fiddler: a browser routing tracer for all your network and CORS checking needs.


    • PostMan: A simple way to configure necessary headers and authentication configuration to ensure that you have all the proper parameters to access the necessary data.






    share|improve this answer




























      -1














      To troubleshoot things like this I like to use two separate tools:





      • Fiddler: a browser routing tracer for all your network and CORS checking needs.


      • PostMan: A simple way to configure necessary headers and authentication configuration to ensure that you have all the proper parameters to access the necessary data.






      share|improve this answer


























        -1












        -1








        -1







        To troubleshoot things like this I like to use two separate tools:





        • Fiddler: a browser routing tracer for all your network and CORS checking needs.


        • PostMan: A simple way to configure necessary headers and authentication configuration to ensure that you have all the proper parameters to access the necessary data.






        share|improve this answer













        To troubleshoot things like this I like to use two separate tools:





        • Fiddler: a browser routing tracer for all your network and CORS checking needs.


        • PostMan: A simple way to configure necessary headers and authentication configuration to ensure that you have all the proper parameters to access the necessary data.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 26 '18 at 0:07









        Justin RiceJustin Rice

        696




        696
































            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53472829%2fcannot-display-values-cause-of-cors-policy%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Wiesbaden

            Image
            Wappen Deutschlandkarte 50.0825 8.24 117 Koordinaten: 50° 5′  N , 8° 14′  O Basisdaten Bundesland: Hessen Regierungsbezirk: Darmstadt Höhe: 117 m ü. NHN Fläche: 203,93 km 2 Einwohner: 278.654 (31. Dez. 2017) [1] Bevölkerungsdichte: 1366 Einwohner je km 2 Postleitzahlen: 65183–65207, 55246, 55252 Vorlage:Infobox Gemeinde in Deutschland/Wartung/PLZ enthält Text Vorwahlen: 0611, 06122, 06127, 06134 Kfz-Kennzeichen: WI Gemeindeschlüssel: 06 4 14 000 LOCODE: DE WIB NUTS: DE714 Stadtgliederung: 26 Ortsbezirke Adresse der Stadtverwaltung: Schlossplatz 6 65183 Wiesbaden Webpräsenz: www.wiesbaden.de Oberbürgermeister: Sven Gerich (SPD) Lage der Landeshauptstadt Wiesbaden in Hessen und im Regierungsbezirk Darmstadt Offizielles Logo der Landeshauptstadt Wiesbaden Flagge der Landeshauptstadt Wiesbaden Wiesbaden is
            Read more

            Marschland

            Image
            Kilometerweite Marsch in den Vier- und Marschlanden am Elbdeich Die Wedeler Marschlandschaft in Schleswig-Holstein Der Hadelner Kanal zur Entwässerung der Marsch Die tief gelegene Marsch und ein Entwässerungskanal Das Schöpfwerk Otterndorf im Land Hadeln zur Entwässerung der Medem verfügte damals bereits über die größte Kreiselpumpe Europas. Das Schöpfwerk in Neuhaus für die Aue und des Neuhaus-Bülkauer Kanals Als Marsch(land) (v. niederdt., altsächs. mersc ) – auch Masch , Mersch oder Schwemmland genannt – bezeichnet man eine nacheiszeitlich entstandene geomorphologische Landform im Gebiet der nordwestdeutschen Küsten und Flüsse sowie vergleichbare Landformen weltweit. Inhaltsverzeichnis 1 Landschaft 2 Entstehung 3 Marschböden 4 Nutzung 5 Marschgebiete in Deutschland 6 Siehe auch 7 Literatur 8 Weblinks 9 Einzelnachweise Landschaft | Marschen sind generell flache Landstriche ohne natürliche Erhebungen. Si
            Read more

            Dieringhausen

            Image
            Dieringhausen Stadt Gummersbach 50.982777777778 7.5316666666667 165 Koordinaten: 50° 58′ 58″  N , 7° 31′ 54″  O Höhe: 165  (160–245)  m Einwohner: 5055  (30. Jun. 2016) Postleitzahl: 51645 Vorwahl: 02261 Lage von Dieringhausen in Gummersbach Im Hohl ca. 1927–1930 Ansicht von Südwesten bei Bünghausen Dieringhausen (im örtlichen Dialekt Dierkesen ) ist ein Ortsteil von Gummersbach im Oberbergischen Kreis, Regierungsbezirk Köln, Nordrhein-Westfalen (Deutschland). Inhaltsverzeichnis 1 Geographie 2 Geschichte 3 Kultur 3.1 Sehenswürdigkeiten 3.2 Regelmäßige Veranstaltungen 4 Infrastruktur und Wirtschaft 4.1 Verkehr 4.1.1 Schienen- und Busverkehr 4.1.2 Straßen 4.2 Öffentliche Einrichtungen 4.2.1 Schulen und Bildungseinrichtungen 4.2.2 Kirchliche Einrichtungen 5 Persönlichkeiten 5.1 In Dieringhausen geboren 5.2 In Dieringhausen gelebt 6 Einzelnachweise 7
            Read more