2

Seriously, I can't find a single page discussing this for litespeed.

Using this format in the htaccess "Header set Access-Control-Allow-Origin http://aSite.com" (and https) sends the setting in the http response header, but I still get the "XMLHttpRequest cannot load https://aSite.com/aFile.php. Origin aSite.com is not allowed by Access-Control-Allow-Origin" error when trying to access https from http origin. Also, I receive no response header for https, only that message shows up in Chrome.

Is the server still blocking it even though I've sent the proper headers?

I read elsewhere that it helps to add these terms

Access-Control-Allow-Headers X-Requested-With
Access-Control-Allow-Methods OPTIONS, GET, POST
Access-Control-Allow-Headers Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control

but I don't see these in my headers.

Using these, my PHP files aren't even reached (because they register no errors or anything), so it looks like it comes from the server only, but what do I know.

Thanks in advance!

Update

Since no response header, Prashant seems to suggest it's a server issue in his error since it worked on another server. https://stackoverflow.com/questions/11953132/no-response-obtained-while-implementing-cors

Anyone know how to flip this switch?

Headers work now

Bad litespeed format. Should look like this. Still being denied though.

Header set Access-Control-Allow-Headers X-Requested-With
Header set Access-Control-Allow-Methods OPTIONS
Header set Access-Control-Allow-Methods GET
Header set Access-Control-Allow-Methods POST
Header set Access-Control-Allow-Headers Content-Type
Header set Access-Control-Allow-Headers Depth
Header set Access-Control-Allow-Headers User-Agent
Header set Access-Control-Allow-Headers X-File-Size
Header set Access-Control-Allow-Headers X-Requested-With
Header set Access-Control-Allow-Headers If-Modified-Since
Header set Access-Control-Allow-Headers X-File-Name
Header set Access-Control-Allow-Headers Cache-Control

1 Answers1

1

The problem's with Chrome.

If you add more than one ACAO, Chrome doesn't know what to do with it.

It also seems to be the case for any other header related to CORS.