Failed to load https://test.com/: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://test.com' is therefore not allowed access.
Asked
Active
Viewed 31 times
1 Answers
0
Just add
header('Access-Control-Allow-Origin: *');
on top of your API file.
Bhawesh Chandola
- 489
- 4
- 18
-
Should never use * – Lawrence Cherone May 01 '18 at 08:39
-
1@LawrenceCherone If you are working on universal API then, it is okay to use it but you have to add further security checks to ensure safety. – Bhawesh Chandola May 01 '18 at 09:44
-
No, you should still avoid it, instead if you want to allow all you should use the `origin` header value which is sent in the preflight request, adding a single header is not the right way to do it. [See this image](https://camo.githubusercontent.com/9ea48e5f02e4aaea34dc7f7584ee1bb0680e098e/687474703a2f2f7777772e68746d6c35726f636b732e636f6d2f7374617469632f696d616765732f636f72735f7365727665725f666c6f7763686172742e706e67) – Lawrence Cherone May 01 '18 at 09:53
-
[Most do it wrong so easy mistake.](https://github.com/search?q=Access-Control-Allow-Origin%3A+%2A&type=Code) – Lawrence Cherone May 01 '18 at 09:54