Using your API across domains

Learning is a very tight journey that never ends. Recently I faced an error never met before, on accessing a resource on a different domain via HTTP.

The error was about a browser block because of a missing header in the response, so digging about this thing I came up with its explanation, that you can find here .

This involves CORS (Cross-Origin Resource Sharing) and it restricts access to resource on the server, if they are made from scripts in different domains, for security reasons.

So if you are building an API and you want to consume it from a different domain, you must place an additional header in the response to allow the browser to get the data.

Fairly simple you should put header('Access-Control-Allow-Origin', '*') in your response headers, and replace * with the domain(s) you want to allow, if you want to enable only a few domains (* means anyone can access it).

Rispondi

Inserisci i tuoi dati qui sotto o clicca su un'icona per effettuare l'accesso:

Logo di WordPress.com

Stai commentando usando il tuo account WordPress.com. Chiudi sessione /  Modifica )

Foto Twitter

Stai commentando usando il tuo account Twitter. Chiudi sessione /  Modifica )

Foto di Facebook

Stai commentando usando il tuo account Facebook. Chiudi sessione /  Modifica )

Connessione a %s...