These three headers are added using PHP
header('Content-Type: application/json; charset=UTF-8;'); header('Access-Control-Allow-Methods: GET, POST'); header('Access-Control-Allow-Origin: *');
All the headers sent are:
HTTP/1.1 200 OK Date: Mon, 30 Jun 2014 06:39:29 GMT Server: Apache X-Powered-By: PHP/5.3.28 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Access-Control-Allow-Methods: GET, POST Access-Control-Allow-Origin: * Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Cache-Control: max-age=1, private, must-revalidate Content-Length: 20 Keep-Alive: timeout=3, max=100 Connection: Keep-Alive Content-Type: application/json; charset=UTF-8;
Yet when trying to use $.json or $.post to target this server, I get this error in the Chrome Console:
XMLHttpRequest cannot load http://cms.webdevguru.co.uk/gurucms.php?mode=addto&apikey=606717496665bcba. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://remote.webdevguru.co.uk' is therefore not allowed access.
I know this is a possible duplicate of a few other questions, but since I have gone through many of them and tried a few things out of them to try and fix this: I would appreciate some specific replies to deal with my issue at hand.
As Joachim Isaksson figured out, its because the initial headers consist of a 301 Redirect, is there any way to force the request to follow the Redirect before checking for the Access-Control-Allow-Origin headers?
The reason CORS isn't working is that your link gives a "301 Moved Permanently" without a CORS header, redirecting to another link.
The link it redirects to sends the header, however it seems CORS has already given up the preflight on the first response.
Passing back a "Access-Control-Allow-Origin" header with the 301 may solve your problem, that should allow the preflight to continue.