QuestionHTML5 uploader is hosted on
server1.com but uploads files to another domain
server2.com. I get this error when uploading files:
Code:Origin http://server1.com is not allowed by Access-Control-Allow-Origin.
How can I resolve it?
ResolutionYou should enable Cross-Origin Resource Sharing (CORS) on your server:
For Apache Apache can be configured to expose this header using mod_headers, this is enabled by default in Apache however you may want to ensure it's enabled by running the following command:
To expose the header you simply add the following line inside
<Directory>,
<Location>,
<Files> or
<VirtualHost> sections, or within a
.htaccess file:
Code:Header set Access-Control-Allow-Origin *
"*" means that CORS will be enabled for any domain name. If you need to use an exact name please specify it instead of "*".
Note: you can also use
add rather than
set, but be aware that add can add the header multiple times, so it's likely safer to use set. Eventually, you may need to reload Apache to make sure your changes are applied.
For IIS6- Open Internet Information Service (IIS) Manager
- Right-click the site you want to enable CORS for and go to Properties
- Change to the HTTP Headers tab
- In the Custom HTTP headers section, click Add
- Enter Access-Control-Allow-Origin as the header name
- Enter * as the header value
- Click Ok twice
"*" means that CORS will be enabled for any domain name. If you need to use an exact name please specify it instead of "*".
For IIS7For Microsoft IIS7, merge this into the
web.config file at the root of your application or site:
Code:<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
"*" means that CORS will be enabled for any domain name. If you need to use an exact name please specify it instead of "*".
Note: if you don't have a
web.config file already, or don't know what one is, just create a new file called
web.config containing the snippet above.
In PHPIf you don't have access to configure Apache, you can still send the header from a PHP script. It's a case of adding the following to your PHP scripts:
Code:<?php
header("Access-Control-Allow-Origin: *");
...
?>
"*" means that CORS will be enabled for any domain name. If you need to use an exact name please specify it instead of "*".
Note: as with all uses of the PHP header function, this must be before any output has been sent from the server.
In ASP.NETIf you don't have access to configure IIS, you can still add the header through ASP.NET by adding the following line to your source pages:
Code:Response.AppendHeader("Access-Control-Allow-Origin", "*");
"*" means that CORS will be enabled for any domain name. If you need to use an exact name please specify it instead of "*".
Note: this approach is compatible with IIS6, IIS7 Classic Mode, and IIS7 Integrated Mode.
See Also-
Flash Uploader. Using Host and Upload Domains that Differ from One Another.Edited by user Sunday, June 3, 2012 11:35:17 PM(UTC)
| Reason: Not specified