Welcome Guest! You need to login or register to make posts.

Notification

Icon
Error

Options
Go to last post Go to first unread
Dmitry.Obukhov  
#1 Posted : Sunday, June 3, 2012 11:28:12 PM(UTC)
Dmitry.Obukhov

Rank: Advanced Member

Groups: Administration
Joined: 5/29/2010(UTC)
Posts: 1,310

Thanks: 8 times
Was thanked: 111 time(s) in 111 post(s)
Question

HTML5 uploader is hosted on server1.com but uploads files to another domain server2.com. I get this error when uploading files:

Code:
Origin http://server1.com is not allowed by Access-Control-Allow-Origin.

How can I resolve it?

Resolution

You should enable Cross-Origin Resource Sharing (CORS) on your server:

For Apache

Apache can be configured to expose this header using mod_headers, this is enabled by default in Apache however you may want to ensure it's enabled by running the following command:
Code:
a2enmod headers

To expose the header you simply add the following line inside <Directory>, <Location>, <Files> or <VirtualHost> sections, or within a .htaccess file:
Code:
Header set Access-Control-Allow-Origin *

"*" means that CORS will be enabled for any domain name. If you need to use an exact name please specify it instead of "*".

Note: you can also use add rather than set, but be aware that add can add the header multiple times, so it's likely safer to use set. Eventually, you may need to reload Apache to make sure your changes are applied.

For IIS6
  1. Open Internet Information Service (IIS) Manager
  2. Right-click the site you want to enable CORS for and go to Properties
  3. Change to the HTTP Headers tab
  4. In the Custom HTTP headers section, click Add
  5. Enter Access-Control-Allow-Origin as the header name
  6. Enter * as the header value
  7. Click Ok twice
"*" means that CORS will be enabled for any domain name. If you need to use an exact name please specify it instead of "*".

For IIS7

For Microsoft IIS7, merge this into the web.config file at the root of your application or site:
Code:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
 <system.webServer>
   <httpProtocol>
     <customHeaders>
       <add name="Access-Control-Allow-Origin" value="*" />
     </customHeaders>
   </httpProtocol>
 </system.webServer>
</configuration>

"*" means that CORS will be enabled for any domain name. If you need to use an exact name please specify it instead of "*".

Note: if you don't have a web.config file already, or don't know what one is, just create a new file called web.config containing the snippet above.

In PHP

If you don't have access to configure Apache, you can still send the header from a PHP script. It's a case of adding the following to your PHP scripts:
Code:
<?php
header("Access-Control-Allow-Origin: *");
...
?>

"*" means that CORS will be enabled for any domain name. If you need to use an exact name please specify it instead of "*".

Note: as with all uses of the PHP header function, this must be before any output has been sent from the server.

In ASP.NET

If you don't have access to configure IIS, you can still add the header through ASP.NET by adding the following line to your source pages:
Code:
Response.AppendHeader("Access-Control-Allow-Origin", "*");

"*" means that CORS will be enabled for any domain name. If you need to use an exact name please specify it instead of "*".

Note: this approach is compatible with IIS6, IIS7 Classic Mode, and IIS7 Integrated Mode.

See Also

- Flash Uploader. Using Host and Upload Domains that Differ from One Another.

Edited by user Sunday, June 3, 2012 11:35:17 PM(UTC)  | Reason: Not specified

Best regards,
Dmitry Obukhov
Technical Support. Aurigma, Inc.
thanks 1 user thanked Dmitry.Obukhov for this useful post.
shengri on 6/3/2013(UTC)
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.