xhr.setRequestHeader(Authorization, hashStr)I also noticed that you added the Access-Control-Allow-Origin header to your request.
Either use the same domain, or add the CORS headers, enable cross-origin resource sharing. The blue parts I marked above were the kernal facts, "Origin" request header "indicates where the cross-origin request or preflight request originates from", the " Access-Control-Allow-Origin" response header indicates this page allows remote request from DomainA Access-Control-Allow-Origin in htaccess. 2016-06-10 18:30 Zero Wing imported from Stackoverflow.I have narrowed the area that the headers may originate, down to a reverse proxy service called rhttpproxy, or httpd, but cant get much farther than that without a lot of digging through Send the request to send-ajax-data.php xhr.send(null)Origin null is not allowed by Access-Control-Allow-Origin.Basically, when you make a CORS request, browser adds Origin header with the current domain value. Thought I wanted to collect a list of Access-Control-Allow-Origin fixes when doing Ajax calls..support.cors true .post(myServer:63373/api/SendData?callback?, function (data, status, xhr))One Comment. Add yours .
Header set X-Content-Type-Options "nosniff" Header set X-XSS-Protection "1 modeblock" . Always set these headers for CORS. Header add Access-Control-Allow-Origin "" Header addmyXhr .ajaxSettings.xhr()You can try skip if clause and just add Header set Access-Control-Allow- Origin "" in your config, then it should throw error during start if modheaders is not active. Header set Access-Control-Allow-Origin "" Header set Access-Control- Allow-Methods POST,GET,DELETE,PUT,OPTIONS Header set Access-Control-Allow-Headers X-Requested-With. The Apache errorlog responds with the following error Just a quick reminder on Access-Control-Allow-Origin firstAccess-Control-Allow-Origin. So, in order to use it, you need to set the correct headers. In your .htaccess or Apache webserver configuration, add headers like these. Otherwise, add a single Access-Control-Allow-Origin header, with either the value of the Origin header or the string "" as value.[XHR]. CORS API specifications also need to ensure not to reveal anything until the cross-origin request status is set to preflight complete or success to prevent e.g