CORS policy

Seems like all data is uploaded right in my site…
In my home’s PC all is ok, but in epizy I get this error: Access to XMLHttpRequest at … (redirected from …) from origin ‘’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: The ‘Access-Control-Allow-Origin’ header has a value ‘…infinityfree…’ that is not equal to the supplied origin.

How can I resolve this issue?
Thanks in advance.

Yes it is blocked by the security system, you can’t fix it.

So, the solution is find another place to put my little site?

Probably? Btw, what is your little site (content)? Read more:

My site is only for manage a clients database for my personal working.
I use AJAX and a file to redirect between menu choises.
I access nothing outside this little site, it’s only for have a clients database and manage data from their problems at my work…
Nothing illegal nor out the site…
I don’t understand this block, there’s nothing bad with the site…

Clearly stated… make sure you read it…

But YES!
All is in the same site!
The provider blocks contents interaction in the same site!
I think is only a conflict definition but I cannot solve it…

I doubt so. Please check all the links and resources carefully.
The initial login page looks ok. Likely the error will appear after successful login


Please ignore everything that has been said so far, it’s completely irrelevant to your site. It’s a common error that often gets parroted, regardless of how wrong it’s been proven time and time again.

It’s a common mistake that all CORS errors are related to the browser validation system. But that only applies if you’re trying to embed things FROM your site INTO other sites.

If you get a CORS error without any cross site stuff, then the problem is something else. This is not a secret, just documented behavior that everyone seems to ignore. Please see the section " Why do I get a CORS error on the 404 error page" in this article for a bit more information:

In your particular case, it’s not a 404 error, but a 403 error. And looking at the Network tab in my browser, I see that this error is generated by this URL:

The reason of this is that the folder includes is not web accessible on our hosting. I don’t know exactly when or why this was done, but the gist is that the includes folder should only be used for PHP scripts that are PHP included into other scripts on your site.

So fixing this is simple: just move that script, and any other script that’s supposed to be accessed by browsers, out of that folder. If you put it in the base folder of your website, or in another folder (like actions), you’ll be able to access it without any problems.


I moved funcs.php to the home directory and I cannot resolve the problem…
I really don’t understand that…
All is without errors, where at my home there´s no problems with the code…

I would love to check this for you, but I can’t, since you deleted every file from your website. Please re-upload the files, and make sure there placement (And reference in the code) is correct.

1 Like

I’d be happy to check, but it seems like the entire htdocs folder of your site is gone now.

Please make sure to move the funcs.php to the htdocs folder of your site then, not the home folder of your account.

And your code will work fine here as well. The key difference between your home and our servers is the security restrictions on using includes as a folder name. So as long as you put your web accessible files in a folder called anything other than includes, I’m sure you’ll have no problems in making them work here.

1 Like