Cannot display values cause of CORS policy












0















I have a Invision Community forum running on v4.3.6, with two themes.
I am working on a newer one, and I want to display online/total members given by a json db.



To do this, I made this script that works only on a old theme:



<p style="margin: 0;">

    Online <img alt="on.svg" src="https://www.xxxxxx.xxxxx/forum/uploads/on.svg" style="width:8px; margin: 0 0 3px 0;"><span id="d-online"></span> | Membri &icirc;n total <img alt="total.svg" src="https://www.xxxxxx.xxxxxx/forum/uploads/total.svg" style="width: 8px; margin: 0 0 3px 0;"><span id="d-total"></span>

</p>

<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script><script type="text/javascript">

$(document).ready(function(){

  $.getJSON('https://XXXXXXXXXX.xyz/morpheus/db.json', function(jd) {

    $('#d-online').append("&nbsp;", jd.online);

    $('#d-total').append("&nbsp;", jd.total);

 });

});

</script>


That should give me this:
https://i.imgur.com/I4FdhSN.png



On the newer theme that I'm working on, chrome outputs this error in console:
https://i.imgur.com/n3AL86E.png



I tried



Making a .htaccess file in the root folder of the website, with these rules



Header add Access-Control-Allow-Origin "*"

Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"

Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"


But it didn't work at all, the error still shows up.

Instead of *on the Access-Control-Allow-Origin field, I tried to put the website that hosts that db.json as origin, but it didn't work.

So I tried putting the htaccess file inside /forum/ folder, where the forum is located, but nothing.



I tried following the steps on this website, but nothing, javascript nor php didn't work.



Error:



Access to XMLHttpRequest at 'https://xxxxxxxxxx.xyz/morpheus/db.json?csrfKey=3e4139dc5b1b138ab0bcbdf7d20e4735' from origin 'https://www.xxxxxxxxxx.ro' has been blocked by CORS policy: Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers in preflight response.


Here are some screenshots of the db.json headers in the chrome console:
https://i.imgur.com/HMbeRV1.png
https://i.imgur.com/xCoDT6R.png



How can I fix this?






javascript apache .htaccess cors







share|improve this question

























  • Inspect the network traffic in your browser's Network console. Have a look at the request and response headers for the OPTIONS request. Post screenshots if you can

    – Phil
    Nov 25 '18 at 23:01











  • Done, I added some screenshots; are those the correct one?

    – slash
    Nov 25 '18 at 23:12











  • Yep, that's what I was after. Have you made sure the Apache headers module is installed and enabled? Perhaps try using Header always set ... instead of Header add

    – Phil
    Nov 25 '18 at 23:17











  • Header always set doesn't work. I don't know if the Apache headers module is installed and enabled, but I assume yes because on the other theme that script works perfectly. Also I don't have ssh access because my webhost doesn't provide me that, so I can't check if the modules are enabled...

    – slash
    Nov 25 '18 at 23:22






  • 1





    You also need to make Apache handle OPTIONS requests in the right way. See the answer at stackoverflow.com/questions/42558221/… and see benjaminhorn.io/code/… for a more extensive how-to.

    – sideshowbarker
    Nov 25 '18 at 23:24
















0















I have a Invision Community forum running on v4.3.6, with two themes.
I am working on a newer one, and I want to display online/total members given by a json db.



To do this, I made this script that works only on a old theme:



<p style="margin: 0;">

    Online <img alt="on.svg" src="https://www.xxxxxx.xxxxx/forum/uploads/on.svg" style="width:8px; margin: 0 0 3px 0;"><span id="d-online"></span> | Membri &icirc;n total <img alt="total.svg" src="https://www.xxxxxx.xxxxxx/forum/uploads/total.svg" style="width: 8px; margin: 0 0 3px 0;"><span id="d-total"></span>

</p>

<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script><script type="text/javascript">

$(document).ready(function(){

  $.getJSON('https://XXXXXXXXXX.xyz/morpheus/db.json', function(jd) {

    $('#d-online').append("&nbsp;", jd.online);

    $('#d-total').append("&nbsp;", jd.total);

 });

});

</script>


That should give me this:
https://i.imgur.com/I4FdhSN.png



On the newer theme that I'm working on, chrome outputs this error in console:
https://i.imgur.com/n3AL86E.png



I tried



Making a .htaccess file in the root folder of the website, with these rules



Header add Access-Control-Allow-Origin "*"

Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"

Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"


But it didn't work at all, the error still shows up.

Instead of *on the Access-Control-Allow-Origin field, I tried to put the website that hosts that db.json as origin, but it didn't work.

So I tried putting the htaccess file inside /forum/ folder, where the forum is located, but nothing.



I tried following the steps on this website, but nothing, javascript nor php didn't work.



Error:



Access to XMLHttpRequest at 'https://xxxxxxxxxx.xyz/morpheus/db.json?csrfKey=3e4139dc5b1b138ab0bcbdf7d20e4735' from origin 'https://www.xxxxxxxxxx.ro' has been blocked by CORS policy: Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers in preflight response.


Here are some screenshots of the db.json headers in the chrome console:
https://i.imgur.com/HMbeRV1.png
https://i.imgur.com/xCoDT6R.png



How can I fix this?






javascript apache .htaccess cors







share|improve this question

























  • Inspect the network traffic in your browser's Network console. Have a look at the request and response headers for the OPTIONS request. Post screenshots if you can

    – Phil
    Nov 25 '18 at 23:01











  • Done, I added some screenshots; are those the correct one?

    – slash
    Nov 25 '18 at 23:12











  • Yep, that's what I was after. Have you made sure the Apache headers module is installed and enabled? Perhaps try using Header always set ... instead of Header add

    – Phil
    Nov 25 '18 at 23:17











  • Header always set doesn't work. I don't know if the Apache headers module is installed and enabled, but I assume yes because on the other theme that script works perfectly. Also I don't have ssh access because my webhost doesn't provide me that, so I can't check if the modules are enabled...

    – slash
    Nov 25 '18 at 23:22






  • 1





    You also need to make Apache handle OPTIONS requests in the right way. See the answer at stackoverflow.com/questions/42558221/… and see benjaminhorn.io/code/… for a more extensive how-to.

    – sideshowbarker
    Nov 25 '18 at 23:24














0












0








0


0






I have a Invision Community forum running on v4.3.6, with two themes.
I am working on a newer one, and I want to display online/total members given by a json db.



To do this, I made this script that works only on a old theme:



<p style="margin: 0;">

    Online <img alt="on.svg" src="https://www.xxxxxx.xxxxx/forum/uploads/on.svg" style="width:8px; margin: 0 0 3px 0;"><span id="d-online"></span> | Membri &icirc;n total <img alt="total.svg" src="https://www.xxxxxx.xxxxxx/forum/uploads/total.svg" style="width: 8px; margin: 0 0 3px 0;"><span id="d-total"></span>

</p>

<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script><script type="text/javascript">

$(document).ready(function(){

  $.getJSON('https://XXXXXXXXXX.xyz/morpheus/db.json', function(jd) {

    $('#d-online').append("&nbsp;", jd.online);

    $('#d-total').append("&nbsp;", jd.total);

 });

});

</script>


That should give me this:
https://i.imgur.com/I4FdhSN.png



On the newer theme that I'm working on, chrome outputs this error in console:
https://i.imgur.com/n3AL86E.png



I tried



Making a .htaccess file in the root folder of the website, with these rules



Header add Access-Control-Allow-Origin "*"

Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"

Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"


But it didn't work at all, the error still shows up.

Instead of *on the Access-Control-Allow-Origin field, I tried to put the website that hosts that db.json as origin, but it didn't work.

So I tried putting the htaccess file inside /forum/ folder, where the forum is located, but nothing.



I tried following the steps on this website, but nothing, javascript nor php didn't work.



Error:



Access to XMLHttpRequest at 'https://xxxxxxxxxx.xyz/morpheus/db.json?csrfKey=3e4139dc5b1b138ab0bcbdf7d20e4735' from origin 'https://www.xxxxxxxxxx.ro' has been blocked by CORS policy: Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers in preflight response.


Here are some screenshots of the db.json headers in the chrome console:
https://i.imgur.com/HMbeRV1.png
https://i.imgur.com/xCoDT6R.png



How can I fix this?






javascript apache .htaccess cors







share|improve this question
















I have a Invision Community forum running on v4.3.6, with two themes.
I am working on a newer one, and I want to display online/total members given by a json db.



To do this, I made this script that works only on a old theme:



<p style="margin: 0;">

    Online <img alt="on.svg" src="https://www.xxxxxx.xxxxx/forum/uploads/on.svg" style="width:8px; margin: 0 0 3px 0;"><span id="d-online"></span> | Membri &icirc;n total <img alt="total.svg" src="https://www.xxxxxx.xxxxxx/forum/uploads/total.svg" style="width: 8px; margin: 0 0 3px 0;"><span id="d-total"></span>

</p>

<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script><script type="text/javascript">

$(document).ready(function(){

  $.getJSON('https://XXXXXXXXXX.xyz/morpheus/db.json', function(jd) {

    $('#d-online').append("&nbsp;", jd.online);

    $('#d-total').append("&nbsp;", jd.total);

 });

});

</script>


That should give me this:
https://i.imgur.com/I4FdhSN.png



On the newer theme that I'm working on, chrome outputs this error in console:
https://i.imgur.com/n3AL86E.png



I tried



Making a .htaccess file in the root folder of the website, with these rules



Header add Access-Control-Allow-Origin "*"

Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"

Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"


But it didn't work at all, the error still shows up.

Instead of *on the Access-Control-Allow-Origin field, I tried to put the website that hosts that db.json as origin, but it didn't work.

So I tried putting the htaccess file inside /forum/ folder, where the forum is located, but nothing.



I tried following the steps on this website, but nothing, javascript nor php didn't work.



Error:



Access to XMLHttpRequest at 'https://xxxxxxxxxx.xyz/morpheus/db.json?csrfKey=3e4139dc5b1b138ab0bcbdf7d20e4735' from origin 'https://www.xxxxxxxxxx.ro' has been blocked by CORS policy: Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers in preflight response.


Here are some screenshots of the db.json headers in the chrome console:
https://i.imgur.com/HMbeRV1.png
https://i.imgur.com/xCoDT6R.png



How can I fix this?






javascript apache .htaccess cors




javascript apache .htaccess cors






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 25 '18 at 23:11







slash

















asked Nov 25 '18 at 22:55









slashslash

63




63













  • Inspect the network traffic in your browser's Network console. Have a look at the request and response headers for the OPTIONS request. Post screenshots if you can

    – Phil
    Nov 25 '18 at 23:01











  • Done, I added some screenshots; are those the correct one?

    – slash
    Nov 25 '18 at 23:12











  • Yep, that's what I was after. Have you made sure the Apache headers module is installed and enabled? Perhaps try using Header always set ... instead of Header add

    – Phil
    Nov 25 '18 at 23:17











  • Header always set doesn't work. I don't know if the Apache headers module is installed and enabled, but I assume yes because on the other theme that script works perfectly. Also I don't have ssh access because my webhost doesn't provide me that, so I can't check if the modules are enabled...

    – slash
    Nov 25 '18 at 23:22






  • 1





    You also need to make Apache handle OPTIONS requests in the right way. See the answer at stackoverflow.com/questions/42558221/… and see benjaminhorn.io/code/… for a more extensive how-to.

    – sideshowbarker
    Nov 25 '18 at 23:24



















  • Inspect the network traffic in your browser's Network console. Have a look at the request and response headers for the OPTIONS request. Post screenshots if you can

    – Phil
    Nov 25 '18 at 23:01











  • Done, I added some screenshots; are those the correct one?

    – slash
    Nov 25 '18 at 23:12











  • Yep, that's what I was after. Have you made sure the Apache headers module is installed and enabled? Perhaps try using Header always set ... instead of Header add

    – Phil
    Nov 25 '18 at 23:17











  • Header always set doesn't work. I don't know if the Apache headers module is installed and enabled, but I assume yes because on the other theme that script works perfectly. Also I don't have ssh access because my webhost doesn't provide me that, so I can't check if the modules are enabled...

    – slash
    Nov 25 '18 at 23:22






  • 1





    You also need to make Apache handle OPTIONS requests in the right way. See the answer at stackoverflow.com/questions/42558221/… and see benjaminhorn.io/code/… for a more extensive how-to.

    – sideshowbarker
    Nov 25 '18 at 23:24

















Inspect the network traffic in your browser's Network console. Have a look at the request and response headers for the OPTIONS request. Post screenshots if you can

– Phil
Nov 25 '18 at 23:01





Inspect the network traffic in your browser's Network console. Have a look at the request and response headers for the OPTIONS request. Post screenshots if you can

– Phil
Nov 25 '18 at 23:01













Done, I added some screenshots; are those the correct one?

– slash
Nov 25 '18 at 23:12





Done, I added some screenshots; are those the correct one?

– slash
Nov 25 '18 at 23:12













Yep, that's what I was after. Have you made sure the Apache headers module is installed and enabled? Perhaps try using Header always set ... instead of Header add

– Phil
Nov 25 '18 at 23:17





Yep, that's what I was after. Have you made sure the Apache headers module is installed and enabled? Perhaps try using Header always set ... instead of Header add

– Phil
Nov 25 '18 at 23:17













Header always set doesn't work. I don't know if the Apache headers module is installed and enabled, but I assume yes because on the other theme that script works perfectly. Also I don't have ssh access because my webhost doesn't provide me that, so I can't check if the modules are enabled...

– slash
Nov 25 '18 at 23:22





Header always set doesn't work. I don't know if the Apache headers module is installed and enabled, but I assume yes because on the other theme that script works perfectly. Also I don't have ssh access because my webhost doesn't provide me that, so I can't check if the modules are enabled...

– slash
Nov 25 '18 at 23:22




1




1





You also need to make Apache handle OPTIONS requests in the right way. See the answer at stackoverflow.com/questions/42558221/… and see benjaminhorn.io/code/… for a more extensive how-to.

– sideshowbarker
Nov 25 '18 at 23:24





You also need to make Apache handle OPTIONS requests in the right way. See the answer at stackoverflow.com/questions/42558221/… and see benjaminhorn.io/code/… for a more extensive how-to.

– sideshowbarker
Nov 25 '18 at 23:24












1 Answer
1






active

oldest

votes


















-1














To troubleshoot things like this I like to use two separate tools:





  • Fiddler: a browser routing tracer for all your network and CORS checking needs.


  • PostMan: A simple way to configure necessary headers and authentication configuration to ensure that you have all the proper parameters to access the necessary data.






share|improve this answer























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53472829%2fcannot-display-values-cause-of-cors-policy%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    -1














    To troubleshoot things like this I like to use two separate tools:





    • Fiddler: a browser routing tracer for all your network and CORS checking needs.


    • PostMan: A simple way to configure necessary headers and authentication configuration to ensure that you have all the proper parameters to access the necessary data.






    share|improve this answer




























      -1














      To troubleshoot things like this I like to use two separate tools:





      • Fiddler: a browser routing tracer for all your network and CORS checking needs.


      • PostMan: A simple way to configure necessary headers and authentication configuration to ensure that you have all the proper parameters to access the necessary data.






      share|improve this answer


























        -1












        -1








        -1







        To troubleshoot things like this I like to use two separate tools:





        • Fiddler: a browser routing tracer for all your network and CORS checking needs.


        • PostMan: A simple way to configure necessary headers and authentication configuration to ensure that you have all the proper parameters to access the necessary data.






        share|improve this answer













        To troubleshoot things like this I like to use two separate tools:





        • Fiddler: a browser routing tracer for all your network and CORS checking needs.


        • PostMan: A simple way to configure necessary headers and authentication configuration to ensure that you have all the proper parameters to access the necessary data.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 26 '18 at 0:07









        Justin RiceJustin Rice

        696




        696
































            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53472829%2fcannot-display-values-cause-of-cors-policy%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            To store a contact into the json file from server.js file using a class in NodeJS

            Image
            0 I have created three files -contactPresentation.js, contactService.js, contacts.json. I will run the contactService.js file. And it will navigate to contactPresentation.js file that will only choose an option to either add or display a file. If add(), then add the data into add of service file.And the data will be added to the contacts.json file . And if display(), then display the display() of service file. And the display will take the data from contacts.json file. However, i know my code is flawed. Please correct it . I am also getting an error - this.contacts.push(new ContactService(userName, contactNumber, emailId)); ^ TypeError: Cannot read property 'push' of undefined at ContactService.add (e:NodeJSProjectcontactManager2contactService.js:57:23) at new C
            Read more

            Redirect URL with Chrome Remote Debugging Android Devices

            Image
            1 How can i redirect an URL with Chrome Remote Debugging Android Devices? like Requestly Chrome extension on desktop. google-chrome debugging url redirect testing share | improve this question edited Nov 24 '18 at 8:16 sachinjain024 14.7k 23 73 129 asked Nov 23 '18 at 16:09 Momen Momen 91 10
            Read more

            Dieringhausen

            Image
            Dieringhausen Stadt Gummersbach 50.982777777778 7.5316666666667 165 Koordinaten: 50° 58′ 58″  N , 7° 31′ 54″  O Höhe: 165  (160–245)  m Einwohner: 5055  (30. Jun. 2016) Postleitzahl: 51645 Vorwahl: 02261 Lage von Dieringhausen in Gummersbach Im Hohl ca. 1927–1930 Ansicht von Südwesten bei Bünghausen Dieringhausen (im örtlichen Dialekt Dierkesen ) ist ein Ortsteil von Gummersbach im Oberbergischen Kreis, Regierungsbezirk Köln, Nordrhein-Westfalen (Deutschland). Inhaltsverzeichnis 1 Geographie 2 Geschichte 3 Kultur 3.1 Sehenswürdigkeiten 3.2 Regelmäßige Veranstaltungen 4 Infrastruktur und Wirtschaft 4.1 Verkehr 4.1.1 Schienen- und Busverkehr 4.1.2 Straßen 4.2 Öffentliche Einrichtungen 4.2.1 Schulen und Bildungseinrichtungen 4.2.2 Kirchliche Einrichtungen 5 Persönlichkeiten 5.1 In Dieringhausen geboren 5.2 In Dieringhausen gelebt 6 Einzelnachweise 7
            Read more