CORS issue

I have set the headers for Access-Control- Allow-Origin, Access-Control- Allow-Headers, Access-Control- Allow-Methods, but i’m still getting CORS error

“Access to XMLHttpRequest at ‘’ (redirected from ‘my website’s ajax-chatdisp.php file’) from origin ‘my website’ has been blocked by CORS policy: Request header field x-requested-with is not allowed by Access-Control-Allow-Headers in preflight response. jquery.js:2 GET infinityfree error page::ERR_FAILED”"

ajax-chatdisp.php file is

<?php header("Access-Control-Allow-Origin:"); header('Access-Control-Allow-Methods: GET, DELETE, HEAD, OPTIONS,POST'); header("Access-Control-Allow-Headers: X-Requested-With"); $conn=mysqli_connect("","if0_36289146","rjcoWTSUnr1G3","if0_36289146_Webchatter") or die("connection failled"); $sender_id=$_POST['admin_id']; $receiver_id=$_POST['userct_id']; $upsql="SELECT * from message order by dateT"; $result1=mysqli_query($conn, $upsql); while($row=mysqli_fetch_assoc($result1)){ //send messages if($row['sender_id']===$sender_id && $row['receiver_id']===$receiver_id ) { if ($row['files']==="") {.... In Ajax request i'm using method type POST same error i'm getting for my one other (ajax-chatbar.php) file too, there also i have included these headers but nothing is working. Please help because on 22 of april i have to submit this project

The word chat is not allowed in our hosting.

You can circumvent this by renaming that file to not contain the word chat — but this doesn’t mean that it’s OK to host chat scripts here.

As why your CORS headers settings don’t take effect, I don’t know exactly. What I know is that our 403 don’t allowed to be requested from another source, and apparently you cannot set security headers on our pages.


@Shivendra you posted your password publicly !


Hmm I didn’t noticed that while posting but I will change it, thanks for notifying me

1 Like

thanks it worked but I will keep in what you have said. This’s a live chat web application, something like whatapp and it’s just a collage project not a real project.

A rule is a rule. No matter what kind of excuse you use to wrap up your use case, it’s not going to justify it if it’s a live chat. This is because live chat hogs resources, and you probably would run into the hit limit before any real staff shut it down.

That is to say, by dropping the word “live” and turn it into a forum is 100% accepted and allowed. Is your site actually live?


yes it is live but still there are some bugs and some features are still remaining to be added. It is not fully developed yet, I’m currently working on it.

I have reset your hosting account password, because you shared your password here. Feel free to change it from the client area, just make sure to no reuse the previous password as it’s now compromised.

You will probably need to update your website’s code/configuration to use the new password.

Please remember that:

  • This is a publicly accessible forum. Anything you write here can be seen by anyone. So make sure to not publish any sensitive information here.
  • Do not share your hosting account password with anyone. It provides full access to your hosting account, letting them edit anything on your website.

Chat scripts are not allowed on our hosting. There is no exception for educational use, testing or any other non-production usage.


Ok, thanks

After representing this project in my college on 22 i will remove it after some day.

As you have been informed:

Ignore this at your own risk, as hosting a chat script here for any purpose will result in a suspension.


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.