HOWTO: Enable Cross-Origin Resource Sharing for HTML5 Uploader

Options

Previous Topic Next Topic

Dmitry.Obukhov User Profile View All Posts by User View Thanks		#1 Posted : Sunday, June 3, 2012 11:28:12 PM(UTC)
Rank: Advanced Member Groups: Member Joined: 5/29/2010(UTC) Posts: 1,310 Thanks: 8 times Was thanked: 111 time(s) in 111 post(s)		Question HTML5 uploader is hosted on server1.com but uploads files to another domain server2.com. I get this error when uploading files: Code: `Origin http://server1.com is not allowed by Access-Control-Allow-Origin.` How can I resolve it? Resolution You should enable Cross-Origin Resource Sharing (CORS) on your server: For Apache Apache can be configured to expose this header using mod_headers, this is enabled by default in Apache however you may want to ensure it's enabled by running the following command: Code: `a2enmod headers` To expose the header you simply add the following line inside <Directory>, <Location>, <Files> or <VirtualHost> sections, or within a .htaccess file: Code: `Header set Access-Control-Allow-Origin ` "" means that CORS will be enabled for any domain name. If you need to use an exact name please specify it instead of "". Note: you can also use add* rather than set, but be aware that add can add the header multiple times, so it's likely safer to use set. Eventually, you may need to reload Apache to make sure your changes are applied. For IIS6 Open Internet Information Service (IIS) Manager Right-click the site you want to enable CORS for and go to Properties Change to the HTTP Headers tab In the Custom HTTP headers section, click Add Enter Access-Control-Allow-Origin as the header name Enter * as the header value Click Ok twice "" means that CORS will be enabled for any domain name. If you need to use an exact name please specify it instead of "". For IIS7 For Microsoft IIS7, merge this into the web.config file at the root of your application or site: Code: `<?xml version="1.0" encoding="utf-8"?> <configuration> <system.webServer> <httpProtocol> <customHeaders> <add name="Access-Control-Allow-Origin" value="" /> </customHeaders> </httpProtocol> </system.webServer> </configuration>` "" means that CORS will be enabled for any domain name. If you need to use an exact name please specify it instead of "". Note:* if you don't have a web.config file already, or don't know what one is, just create a new file called web.config containing the snippet above. In PHP If you don't have access to configure Apache, you can still send the header from a PHP script. It's a case of adding the following to your PHP scripts: Code: `<?php header("Access-Control-Allow-Origin: "); ... ?>` "" means that CORS will be enabled for any domain name. If you need to use an exact name please specify it instead of "". Note:* as with all uses of the PHP header function, this must be before any output has been sent from the server. In ASP.NET If you don't have access to configure IIS, you can still add the header through ASP.NET by adding the following line to your source pages: Code: `Response.AppendHeader("Access-Control-Allow-Origin", "");` "" means that CORS will be enabled for any domain name. If you need to use an exact name please specify it instead of "". Note:* this approach is compatible with IIS6, IIS7 Classic Mode, and IIS7 Integrated Mode. See Also - Flash Uploader. Using Host and Upload Domains that Differ from One Another. Edited by user Sunday, June 3, 2012 11:35:17 PM(UTC) \| Reason: Not specified
		Best regards, Dmitry Obukhov Technical Support. Aurigma, Inc.

1 user thanked Dmitry.Obukhov for this useful post.		shengri on 6/3/2013(UTC)

Users browsing this topic

Forum Jump

You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.