I have set the headers for Access-Control- Allow-Origin, Access-Control- Allow-Headers, Access-Control- Allow-Methods, but i’m still getting CORS error
“Access to XMLHttpRequest at ‘https://errors.infinityfree.net/errors/403/’ (redirected from ‘my website’s ajax-chatdisp.php file’) from origin ‘my website’ has been blocked by CORS policy: Request header field x-requested-with is not allowed by Access-Control-Allow-Headers in preflight response. jquery.js:2 GET infinityfree error page::ERR_FAILED”"
ajax-chatdisp.php file is
<?php
header("Access-Control-Allow-Origin: https://webchatter.000.pe");
header('Access-Control-Allow-Methods: GET, DELETE, HEAD, OPTIONS,POST');
header("Access-Control-Allow-Headers: X-Requested-With");
$conn=mysqli_connect("sql104.infinityfree.com","if0_36289146","rjcoWTSUnr1G3","if0_36289146_Webchatter") or die("connection failled");
$sender_id=$_POST['admin_id'];
$receiver_id=$_POST['userct_id'];
$upsql="SELECT * from message order by dateT";
$result1=mysqli_query($conn, $upsql);
while($row=mysqli_fetch_assoc($result1)){
//send messages
if($row['sender_id']===$sender_id && $row['receiver_id']===$receiver_id ) {
if ($row['files']==="") {....
In Ajax request i'm using method type POST
same error i'm getting for my one other (ajax-chatbar.php) file too, there also i have included these headers but nothing is working.
Please help because on 22 of april i have to submit this project
You can circumvent this by renaming that file to not contain the word chat — but this doesn’t mean that it’s OK to host chat scripts here.
As why your CORS headers settings don’t take effect, I don’t know exactly. What I know is that our 403 don’t allowed to be requested from another source, and apparently you cannot set security headers on our pages.
thanks it worked but I will keep in what you have said. This’s a live chat web application, something like whatapp and it’s just a collage project not a real project.
A rule is a rule. No matter what kind of excuse you use to wrap up your use case, it’s not going to justify it if it’s a live chat. This is because live chat hogs resources, and you probably would run into the hit limit before any real staff shut it down.
That is to say, by dropping the word “live” and turn it into a forum is 100% accepted and allowed. Is your site actually live?
yes it is live but still there are some bugs and some features are still remaining to be added. It is not fully developed yet, I’m currently working on it.
I have reset your hosting account password, because you shared your password here. Feel free to change it from the client area, just make sure to no reuse the previous password as it’s now compromised.
You will probably need to update your website’s code/configuration to use the new password.
Please remember that:
This is a publicly accessible forum. Anything you write here can be seen by anyone. So make sure to not publish any sensitive information here.
Do not share your hosting account password with anyone. It provides full access to your hosting account, letting them edit anything on your website.
Chat scripts are not allowed on our hosting. There is no exception for educational use, testing or any other non-production usage.