I'm trying to make a simple cross-origin request, and Firefox is consistently blocking it with this error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at [url]. This can be fixed by moving the resource to the same domain or enabling CORS. [url]
It works fine in Chrome and Safari.
As far as I can tell I've set all the correct headers on my PHP to allow this to work. Here's what my server is responding with
HTTP/1.1 200 OK
Date: Mon, 23 Jun 2014 17:15:20 GMT
Server: Apache/2.2.22 (Debian)
X-Powered-By: PHP/5.4.4-14+deb7u8
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Request-Headers: X-Requested-With, accept, content-type
Vary: Accept-Encoding
Content-Length: 186
Content-Type: text/html
I've tried using Angular, JQuery and a basic XMLHTTPRequest object, like so:
var data = "id=1234"
var request = new XMLHttpRequest({mozSystem: true})
request.onload = onSuccess;
request.open('GET', 'https://myurl.com' + '?' + data, true)
request.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded')
request.send()
...and it works in everything that isn't Firefox. Can anyone help with this at all?
Turns out this has nothing to do with CORS- it was a problem with the security certificate. Misleading errors = 4 hours of headaches.
Just a word of warnings. I finally got around the problem with Firefox and CORS.
The solution for me was this post
However Firefox was behaving really, really strange after setting those headers on the Apache server (in the folder .htaccess).
I added a lot of console.log("Hi FF, you are here A") etc to see what was going on.
At first it looked like it hanged on xhr.send(). But then I discovered it did not get to the this statement. I placed another console.log right before it and did not get there - even though there was nothing between the last console.log and the new one. It just stopped between two console.log.
Reordering lines, deleting, to see if there was any strange character in the file. I found nothing.
Restarting Firefox fixed the trouble.
Yes, I should file a bug. It is just that it is so strange so don't know how to reproduce it.
NOTICE: And, oh, I just did the Header always set parts, not the Rewrite* part!
I found that my problem was: that the server i've send the cross request to had a certificate that was not trusted.
If you want to connect to a cross domain with https (firefox), you have to add the exeption for this certificate first.
You can do this, by visit the blocked link once and add the exception.
hope this helps someone!