Edit report at https://bugs.php.net/bug.php?id=64174&edit=1
ID: 64174 Updated by: google...@php.net Reported by: php dot net at dzubak dot sk Summary: AJAX request blocked for bad origin Status: Assigned Type: Bug Package: Website problem PHP Version: Irrelevant Assigned To: googleguy Block user comment: N Private report: N New Comment: $_SERVER['HTTP_HOST'] is a user supplied header and would be unreliable here. The issue here is that php.net and www.php.net are the same thing in terms of which server you're connecting to, but unfortunately they won't be seen as one and the same by your client UA. If infrastructure would have allowed for a better solution I probably would have used it. Previous Comments: ------------------------------------------------------------------------ [2013-03-09 21:08:18] php dot net at dzubak dot sk Isnt it possible to have dynamic origin, based on $_SERVER['HTTP_HOST'] ? ------------------------------------------------------------------------ [2013-03-09 21:00:47] google...@php.net Unfortunately, there's not much I can do about this as this works fine when using the domain www.php.net, but will result in the aforementioned "not allowed by Access-Control-Allow-Origin" error when using the domain php.net. Since php.net and www.php.net are seen as different hosts the javascript simply uses whatever host is relative to the page you're on. For example, we have dozens of mirrors like us.php.net, ca.php.net, uk.php.net, and since they all use different domains I had to keep the javascript relative to the host being used. This just means that when you visit http://php.net and not http://www.php.net you get this problem. I'm afraid I have no real solution to this problem and it's one we're just going to have to live with unless someone can come up with a better idea. ------------------------------------------------------------------------ [2013-02-23 13:46:29] florinpatan at gmail dot com Request URL:http://www.php.net/manual/vote-note.php?id=99646&page=memcached.sessions&vote=up Request Method:POST Status Code:200 OK Request Headers Accept:application/json, text/javascript, */*; q=0.01 Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3 Accept-Encoding:gzip,deflate,sdch Accept-Language:en-US,en;q=0.8 Connection:keep-alive Content-Length:0 Cookie:COUNTRY=ROM%2C79.119.87.98; LAST_LANG=en Host:www.php.net Origin:http://www.php.net Referer:http://www.php.net/manual/en/memcached.sessions.php User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.97 Safari/537.22 X-Json:On X-Requested-With:XMLHttpRequest Query String Parameters id:99646 page:memcached.sessions vote:up Response Headers Connection:close Content-Encoding:gzip Content-language:en Content-Length:106 Content-Type:text/html; charset=utf-8 Date:Sat, 23 Feb 2013 13:46:04 GMT Server:Apache/2.2.21 (FreeBSD) mod_ssl/2.2.21 OpenSSL/0.9.8q PHP/5.4.11-dev Vary:User-Agent,Accept-Encoding X-Powered-By:PHP/5.4.11-dev Response from the website: {"success":false,"msg":"Unable to complete your request at this time. Please try again later..."} Same thing happens when using Opera. ------------------------------------------------------------------------ [2013-02-20 18:19:19] tyr...@php.net assigning it to Sherif ------------------------------------------------------------------------ [2013-02-08 16:02:42] php dot net at dzubak dot sk Description: ------------ I wanted to vote for comment, but i recieved this nice red X icon. So i investigated and i found error in Chrome console: XMLHttpRequest cannot load http://www.php.net/manual/vote-note.php? id=13494&page=function.setlocale&vote=up. Origin http://php.net is not allowed by Access-Control-Allow-Origin. So, I was using *php.net* domain, but there is this Origin thing blocking AJAX request from domains other than *WWW.php.net*. ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=64174&edit=1 -- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
