3

I have just moved my application to production server and getting an error when i try to access the page using "www" When i try to load my page as "http://example.com" it load the page and content properly and when i try to access page like "www.example.com" my all ajax calls are giving errors like :

XMLHttpRequest cannot load http://example.com/dashboard/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.example.com' is therefore not allowed access.

I am using PHP with angular.

Improve this question
4
  • [Refer This question. Cross domain ajax request ](stackoverflow.com/questions/15477527/cross-domain-ajax-request) Commented Apr 29, 2016 at 7:08
  • You have to add Access-Control-Allow-Origin Header at server side. Commented Apr 29, 2016 at 7:08
  • But i am not requesting to a different domain. why my ajax requesting is taking as a different domain (www in url)? Commented Apr 29, 2016 at 7:14
  • 1
    Yes, www is a subdomain kind of actually, so example.com and www.example.com is two different things, people usually alias to same thing Commented Apr 29, 2016 at 7:25

4 Answers 4

Reset to default
1

Is your website served with www and without it the same way? if not maybe you could add rewrite rule to htaccess so version with www and without it would serve both the same way? In such case you should not get cross domain error

RewriteEngine On RewriteCond %{HTTP_HOST} ^example.com RewriteRule (.*) http://www.example.com/$1 [R=301,L]
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

This issues is occurring because you have not set the access control origin at your server side. You can solve this issue by setting it at server end 

header("Access-Control-Allow-Origin: *"); header("Access-Control-Allow-Headers: *");
Improve this answer

1 Comment

Access-Control-Allow-Headers doesn't support wildcard characters, refer to documentation! You have to manually add all the headers you want client to allow by yourself
0

When you make a request from browser, browser does a prefetch (sometime it doesn't) in either case, it checks if Access-Control-Allow-Origin actually allows your client's site to make request on different domain (web security stuff). If that doesn't match to where you are sending request from, browser blocks the request and doesn't send it.

To make request, you will need to edit the server side (on PHP), you should allow that domain, it also supports wildcards:

<?php header("Access-Control-Allow-Origin: www.example.com"); ?>

Now you can start making requests from anywhere, you can also limit the requests to specific domain so that only one domain can send you requests like:

header("Access-Control-Allow-Origin: example.com");

Improve this answer

Comments

0

This is to be expected. The Same Origin Policy states:

Two pages have the same origin if the protocol, port (if one is specified), and host are the same for both pages.

www.example.com and example.com are different hostnames, so you are crossing origins.

While the colloquialism is to refer to cross-domain requests, it is cross-origin requests that are significant; cross-domain requests are only a subset of those.

Don't host your site on multiple hostnames, pick one and stick to it. (You'll probably want to set up a redirect from the other one to it).

Using relative instead of absolute URIs would also reduce the possibility of this kind of mistake.

Improve this answer

2 Comments

if I make a redirect from www.example.com to example.com than it will work with ajax calls?
@SureshKamrushi — If you redirect from www.example.com to example.com then the origin of the request will be example.com. Since you are making the request to example.com, they will have the same origin so the same origin policy won't block the JS from reading the response.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.