18

XMLHttpRequest cannot load https://webservice.com?param=hahah. Origin http://{domain} is not allowed by Access-Control-Allow-Origin.

I get this when I try to make a webservice call through wampserver, how could I enable this on wampserver?

or how may i just jsonP to obtain xml data without javascript throwing an error.

sideshowbarker
  • 62,215
  • 21
  • 143
  • 153
user2167582
  • 5,103
  • 10
  • 50
  • 95
  • There is nothing special about WAMP for this. Have you read this question: http://stackoverflow.com/questions/7564832/how-to-bypass-access-control-allow-origin – Sarah Kemp Aug 08 '13 at 22:36
  • but i need to run it with xml reponses, and I dont think php is doable. – user2167582 Aug 12 '13 at 19:54

2 Answers2

37

You have to enable the headers module first, like so :

  • click on the wamp icon in your systray
  • go to Apache > Apache modules
  • check the option 'headers_module'

And then include this in your apache config:

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin: *
</IfModule>

(in httpd.conf or in the configuration of your vhost)

(Instead of the * you can also specify a specific domain)

marty
  • 581
  • 5
  • 12
  • Awesome had to restart the WAMP server several times before this took effect but it worked +1 – Ben Racicot Jun 20 '14 at 02:59
  • @marty where exactly do i need to add the lines of code in httpd.conf file? – Faizan Aug 10 '15 at 12:16
  • @marty, the access control works with the * at the end but when I put in "me.myspecialdomain.com" it goes back to giving the error. Any ideas what I should be looking for? – user1794918 Feb 14 '17 at 20:51
  • @Faizan : It doesn't really matter where you add it. Just anywhere in the vhost config of your domain. – marty Feb 18 '17 at 21:30
  • @user1794918 : if domain www.b.com is requesting content from www.a.com then in the config of a.com you have to allow b.com. So in your case me.myspecialdomain.com should be the requesting domain. – marty Feb 18 '17 at 21:30
  • @marty how do we allow .woff2 font files to join the party? for some reason they do not have access like everyone else – klewis Dec 10 '19 at 18:49
  • Woffs are not different from other statics with regards to cors policies, so I'm not sure I understand what exactly the problem is you're facing? – marty Dec 17 '19 at 08:38
2

Hope this will solve your problem -

To add the CORS authorization to the header using Apache, simply add the following line inside either the , , or sections of your server config (usually located in a *.conf file, such as httpd.conf or apache.conf), or within a .htaccess file:

For all requests - 

Header set Access-Control-Allow-Origin "*"

For trusted hosts - 

Header set Access-Control-Allow-Origin "your-ip/domain-here"
Dadaso Zanzane
  • 5,229
  • 1
  • 21
  • 22
  • after I change it in httpd-vhosts.conf in apache into wampserver, the wampserve icon is always orange, do you know what can i do? @Dadaso Zanzane – Manspof May 02 '17 at 09:10