Question

104

CORS – Cross Origin Request Blocked – The 'Access-Control-Allow-Origin' header contains invalid value

rated 0 times [ 108] [ 4] / answers: 1 / hits: 9044 / 4 Years ago, fri, january 24, 2020, 12:00:00

I am having problems with CORS, which I can't seem to resolve.

My setup:

Router/Hotspot on network A

Webserver on network B

What I am trying to do, is... The user inputs his email into the Hotspot entry page, and when he clicks submit, the email is sent to the webserver (currently using XAMPP), this is where the CORS problem occures.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://myIpAddress:8080/DBinsert.php. (Reason: CORS header 'Access-Control-Allow-Origin' missing.

Perviously I had header('Access-Control-Allow-Origin: *'); set and I had no CORS problems...

I have tried adding this code to the very beginning of my php, but it still doesn't work...

header('Access-Control-Allow-Origin: http://10.5.50.*');

I have also tried

header('Access-Control-Allow-Origin: http://10.5.50.*:8080');

and it doesn't work...

The computers IP is 10.5.50.3

Any help and explenations would be welcome.

Thank you.

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

karivictoriab

Add To Favorites

Follow

Total Points: 530

Total Questions: 90

Total Answers: 95

Location: Honduras

Member since Sun, Dec 26, 2021

2 Years ago

karivictoriab questions

1 JSX props should not use arrow functions eslint warning

Wed, Feb 10, 21, 00:00, 3 Years ago

1 How to scroll and expand an Accordion by onClick on an icon from a component?

Fri, Aug 21, 20, 00:00, 4 Years ago

1 Hide all labels and tooltips in Chart.js and make it very small size

Wed, Apr 8, 20, 00:00, 4 Years ago

1 VueJs clear form after success

Mon, Dec 30, 19, 00:00, 5 Years ago

1 CryptoJS decryption Malformed UTF-8 data error

Fri, Nov 29, 19, 00:00, 5 Years ago

View All

answered 4 Years ago clarkulisesa · Accepted Answer

Access-Control-Allow-Origin response-header values must either be the single character * or else an exact origin value, such as http://10.5.50.3.

Unless the Access-Control-Allow-Origin value is just the character *, then browsers do an exact match against the literal value of the header; therefore, 10.5.50.* (for example) won’t match anything — because browsers don’t interpret the asterisk in 10.5.50.* as a wildcard.

Note: Access-Control-Allow-Origin values must include the protocol part; so http://10.5.50.3 is a valid value for the header, but 10.5.50.3 would not be.