I solved the problem adding to Apache Web Server virtual host configuration the following settings

    Header set Access-Control-Allow-Origin &quot;*&quot;
    Header set Access-Control-Allow-Headers &quot;Origin, X-Requested-With, Content-Type, Accept&quot;

Solution for PHP:

    header(&#39;Access-Control-Allow-Origin: *&#39;);
    header(&#39;Access-Control-Allow-Methods: POST,GET,OPTIONS&#39;);
    header(&#39;Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept&#39;);

(Need to send that before any other content)

Set up CORS (Cross-site HTTP Requests) in node. For me it looks like the following:

  

    app.use(&#39;/api&#39;, function(req, res, next) {
      res.header(&#39;Access-Control-Allow-Origin&#39;, &#39;*&#39;);
      res.header(&#39;Access-Control-Allow-Headers&#39;, &#39;X-Requested-With, Content-Type&#39;);
      next();
    });

for nginx


    location / {
        proxy_pass http://localhost:59100;
        proxy_http_version 1.1;
        # proxy_set_header Upgrade $http_upgrade;
        # proxy_set_header Connection &#39;upgrade&#39;;
        proxy_set_header Host $host;

        # Simple requests
        if ($request_method ~* &quot;(GET|POST)&quot;) {
          add_header &quot;Access-Control-Allow-Origin&quot;  *;
        }

        # Preflighted requests
        if ($request_method = OPTIONS ) {
          add_header &quot;Access-Control-Allow-Origin&quot;  *;
          add_header &quot;Access-Control-Allow-Methods&quot; &quot;GET, POST, OPTIONS, HEAD&quot;;
          add_header &quot;Access-Control-Allow-Headers&quot; &quot;Authorization, Origin, X-Requested-With, Content-Type, Accept&quot;;
        }

        # proxy_cache_bypass $http_upgrade;
        # add_header Access-Control-Allow-Origin *;
        # add_header Access-Control-Allow-Headers Content-Type;
    }

see
https://distinctplace.com/2017/04/17/nginx-access-control-allow-origin-cors/


I had the same problem and I solved it by adding the following header:
Access-Control-Allow-Headers: content-type

To me with PHP, localy works even if i set only this header setting:

`header(&#39;Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept&#39;);`

I&#39;m new to PHP and the whole LAMP stack but I&#39;ve managed to get it up and running on my Ubuntu 10.10 system. Everything seems to be working with the exception of error reposting in the browser which I just can&#39;t seem to get working (and which I can&#39;t work without!).

I&#39;ve read a number of article and other threads which indicate that the following values should be applied in the file `/etc/php5/apache2/php.ini`:

 - `display_errors = On`
 - `display_startup_errors = On`

I&#39;ve restarted apache2 and even restarted my computer but for the life of me I just can&#39;t get it working. I&#39;ve even tried using `phpinfo()` function which reports that these settings are as I&#39;ve set them so I know it&#39;s picking up the correct configuration file but nothing!

Any help would be welcome.

PHP errors NOT being displayed in the browser [Ubuntu 10.10]

I am using [Mustache](http://mustache.github.com/) and using the data

    { &quot;names&quot;: [ {&quot;name&quot;:&quot;John&quot;}, {&quot;name&quot;:&quot;Mary&quot;} ] }

My mustache template is:

    {{#names}}
        {{name}}
    {{/names}}

What I want to be able to do is to get an index of the current number in the array. Something like:

    {{#names}}
        {{name}} is {{index}}
    {{/names}}

and have it print out

    John is 1
    Mary is 2

Is it possible to get this with Mustache? or with Handlebars or another extension?
    

In Mustache, How to get the index of the current Section

I am getting this error in Chrome when trying to send an ajax request:

    Content-Type is not allowed by Access-Control-Allow-Headers

Everything works fine in Firefox. 

Can anyone help me to resolve this issue?


Error: Content-Type is not allowed by Access-Control-Allow-Headers

I am getting this error in Chrome when trying to send an ajax request:
<pre><code class="hljs language-csharp">Content-Type is not allowed by Access-Control-Allow-Headers
</code></pre>
Everything works fine in Firefox.
Can anyone help me to resolve this issue?

I want to send a string as an ajax Post parameter.

The following code:

	$.ajax({
	   type: &quot;POST&quot;,
	   url: &quot;http://nakolesah.ru/&quot;,
	   data: &#39;foo=bar&amp;ca$libri=no$libri&#39;,
	   success: function(msg){
		 alert(&#39;wow&#39;+msg);
	   }
	});

Is not working. Why?

jQuery send string as POST parameters

    &lt;meta http-equiv=&quot;Refresh&quot; Content=&quot;5&quot;&gt;
This script reloads or refresh the page after every 5 seconds. But I want to do it using jQuery and AJAX call. Is it possible? 

How to fire AJAX request Periodically?

This seems to be a black hole: After an hour of searching the [jQuery UI][1] website, Stack&amp;nbsp;Overflow, and googling, I&#39;ve yet to find the most basic information of how to write the *server side* of the AutoComplete.

What parameter is passed to the server and what should the JSON response look like?

I must be missing something, because how did everyone else learn how to do this? Sites only seem to discuss the client-side JavaScript code and never the protocol or server-side examples.

I need enough to get the simplest remote example working.

  [1]: http://en.wikipedia.org/wiki/JQuery_UI


What does autocomplete request/server response look like?

I&#39;m writing an application in which I&#39;d like to have near real time collaborative editing features for documents (Very similar to Google Documents style editing).

I&#39;m aware of how to keep track of cursor position, that&#39;s simple. Just poll the server ever half second or second with the current user id, filename, line number and row number which can be stored in a database, and the return value of this polling request is the position of other user&#39;s cursors.

What I don&#39;t know how to do is update the document in such a way that it won&#39;t throw your cursor off and force a full reload as that would be far to slow for my purposes.

This really only has to work in Google Chrome, preferably Firefox as well. I don&#39;t need to support any other browser.

Real time collaborative editing - how does it work?

I could use some help complying with Django&#39;s CSRF protection mechanism via my AJAX post. I&#39;ve followed the directions here:

http://docs.djangoproject.com/en/dev/ref/contrib/csrf/

I&#39;ve copied the AJAX sample code they have on that page exactly:

http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax

I put an alert printing the contents of `getCookie(&#39;csrftoken&#39;)` before the `xhr.setRequestHeader` call and it is indeed populated with some data. I&#39;m not sure how to verify that the token is correct, but I&#39;m encouraged that it&#39;s finding and sending something.

But Django is still rejecting my AJAX post.

Here&#39;s my JavaScript:

    $.post(&quot;/memorize/&quot;, data, function (result) {
        if (result != &quot;failure&quot;) {
            get_random_card();
        }
        else {
            alert(&quot;Failed to save card data.&quot;);
        }
    });

Here&#39;s the error I&#39;m seeing from Django:

&gt; [23/Feb/2011 22:08:29] &quot;POST /memorize/ HTTP/1.1&quot; 403 2332

I&#39;m sure I&#39;m missing something, and maybe it&#39;s simple, but I don&#39;t know what it is.  I&#39;ve searched around SO and saw some information about turning off the CSRF check for my view via the `csrf_exempt` decorator, but I find that unappealing.  I&#39;ve tried that out and it works, but I&#39;d rather get my POST to work the way Django was designed to expect it, if possible.

Just in case it&#39;s helpful, here&#39;s the gist of what my view is doing:

    def myview(request):

        profile = request.user.profile

        if request.method == &#39;POST&#39;:
            &quot;&quot;&quot;
            Process the post...
            &quot;&quot;&quot;
            return HttpResponseRedirect(&#39;/memorize/&#39;)
        else: # request.method == &#39;GET&#39;

            ajax = request.GET.has_key(&#39;ajax&#39;)

            &quot;&quot;&quot;
            Some irrelevent code...
            &quot;&quot;&quot;

            if ajax:
                response = HttpResponse()
                profile.get_stack_json(response)
                return response
            else:
                &quot;&quot;&quot;
                Get data to send along with the content of the page.
                &quot;&quot;&quot;

            return render_to_response(&#39;memorize/memorize.html&#39;,
                    &quot;&quot;&quot; My data &quot;&quot;&quot;
                    context_instance=RequestContext(request))


Thanks for your replies!

Django CSRF check failing with an Ajax POST request

I&#39;m trying to make a Cross Origin post request, and I got it working in plain `JavaScript` like this:

    var request = new XMLHttpRequest();
    var params = &quot;action=something&quot;;
    request.open(&#39;POST&#39;, url, true);
    request.onreadystatechange = function() {if (request.readyState==4) alert(&quot;It worked!&quot;);};
    request.setRequestHeader(&quot;Content-type&quot;, &quot;application/x-www-form-urlencoded&quot;);
    request.setRequestHeader(&quot;Content-length&quot;, params.length);
    request.setRequestHeader(&quot;Connection&quot;, &quot;close&quot;);
    request.send(params);
   

But I would like to use `jQuery`, but I can&#39;t get it to work. This is what I&#39;m trying:

    $.ajax(url, {
        type:&quot;POST&quot;,
        dataType:&quot;json&quot;,
        data:{action:&quot;something&quot;}, 
        success:function(data, textStatus, jqXHR) {alert(&quot;success&quot;);},
        error: function(jqXHR, textStatus, errorThrown) {alert(&quot;failure&quot;);}
    });

This results in Failure. If anyone knows why `jQuery` doesn&#39;t work, please let us all know. Thanks.

(I&#39;m using `jQuery` 1.5.1, and Firefox 4.0, and my server is responding with a proper `Access-Control-Allow-Origin` header)

A CORS POST request works from plain JavaScript, but why not with jQuery?

I have a machine on my local lan (machineA) that has two web servers.  The first is the in-built one in XBMC (on port 8080) and displays our library.  The second server is a CherryPy python script (port 8081) that I am using to trigger a file conversion on demand.  The file conversion is triggered by a AJAX POST request from the page served from the XBMC server.

 - Goto http://machineA:8080 which displays library
 - Library is displayed
 - User clicks on &#39;convert&#39; link which issues the following command - 

jQuery Ajax Request

    $.post(&#39;http://machineA:8081&#39;, {file_url: &#39;asfd&#39;}, function(d){console.log(d)})

 - The browser issues a HTTP OPTIONS request with the following headers;

**Request Header - OPTIONS**

    Host: machineA:8081
    User-Agent: ... Firefox/4.01
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 115
    Connection: keep-alive
    Origin: http://machineA:8080
    Access-Control-Request-Method: POST
    Access-Control-Request-Headers: x-requested-with

 - The server responds with the following;

**Response Header - OPTIONS (STATUS = 200 OK)**

    Content-Length: 0
    Access-Control-Allow-Headers: *
    Access-Control-Max-Age: 1728000
    Server: CherryPy/3.2.0
    Date: Thu, 21 Apr 2011 22:40:29 GMT
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: POST, GET, OPTIONS
    Content-Type: text/html;charset=ISO-8859-1

 - The conversation then stops.  The browser, should in theory, issue a POST request as the server responded with the correct (?) CORS headers (Access-Control-Allow-Origin: *)

For troubleshooting, I have also issued the same $.post command from http://jquery.com.  This is where I am stumped, from jquery.com, the post request works, a OPTIONS request is sent following by a POST.  The headers from this transaction are below;

**Request Header - OPTIONS**

    Host: machineA:8081
    User-Agent: ... Firefox/4.01
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 115
    Connection: keep-alive
    Origin: http://jquery.com
    Access-Control-Request-Method: POST

**Response Header - OPTIONS (STATUS = 200 OK)**

    Content-Length: 0
    Access-Control-Allow-Headers: *
    Access-Control-Max-Age: 1728000
    Server: CherryPy/3.2.0
    Date: Thu, 21 Apr 2011 22:37:59 GMT
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: POST, GET, OPTIONS
    Content-Type: text/html;charset=ISO-8859-1

**Request Header - POST**

    Host: machineA:8081
    User-Agent: ... Firefox/4.01
    Accept: */*
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 115
    Connection: keep-alive
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Referer: http://jquery.com/
    Content-Length: 12
    Origin: http://jquery.com
    Pragma: no-cache
    Cache-Control: no-cache

**Response Header - POST (STATUS = 200 OK)**

    Content-Length: 32
    Access-Control-Allow-Headers: *
    Access-Control-Max-Age: 1728000
    Server: CherryPy/3.2.0
    Date: Thu, 21 Apr 2011 22:37:59 GMT
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: POST, GET, OPTIONS
    Content-Type: application/json

I can&#39;t work out why the same request would work from one site, but not the other.  I am hoping someone might be able to point out what I am missing.  Thanks for your help!



How to get a cross-origin resource sharing (CORS) post request working

A simple GET request with no custom headers. The response is returned as expected. The data in the body is accessible, but not the headers.

When I try to access the &quot;etag&quot; header, browsers raise an exception :
&gt; Refused to get unsafe header &quot;etag&quot;

Chrome, Safari and Firefox all behave the same. I didn&#39;t test it on IE.

What am I missing here?

Cross Domain Resource Sharing GET: &#39;refused to get unsafe header &quot;etag&quot;&#39; from Response

I read a lot for the &#39;Access-Control-Allow-Origin&#39; error, but I don&#39;t understand what I have to fix :(

I&#39;m playing with Google Moderator API, but when I try to [add new serie][1] I receive:

    XMLHttpRequest cannot load 
    https://www.googleapis.com/moderator/v1/series?key=[key]
    &amp;data%5Bdescription%5D=Share+and+rank+tips+for+eating+healthily+on+the+cheaps!
    &amp;data%5Bname%5D=Eating+Healthy+%26+Cheap
    &amp;data%5BvideoSubmissionAllowed%5D=false. 
    Origin [my_domain] is not allowed by Access-Control-Allow-Origin.

I tried with and without callback parameter, I tried to add &#39;Access-Control-Allow-Origin *&#39; to the header. And I don&#39;t know how to use $.getJSON here, if apply, because I have to add the Authorization header and I don&#39;t know how to do it without beforeCall from $.ajax :/ 

Any light for this darkness u.u?

That&#39;s the code:

    &lt;script src=&quot;http://www.google.com/jsapi&quot;&gt;&lt;/script&gt;

    &lt;script type=&quot;text/javascript&quot;&gt;

    var scope = &quot;https://www.googleapis.com/auth/moderator&quot;;
    var token = &#39;&#39;;

    function create(){
         if (token == &#39;&#39;)
          token = doCheck();

         var myData = {
	      &quot;data&quot;: {
	    	&quot;description&quot;: &quot;Share and rank tips for eating healthily on the cheaps!&quot;, 
	    	&quot;name&quot;: &quot;Eating Healthy &amp; Cheap&quot;, 
	    	&quot;videoSubmissionAllowed&quot;: false
	      }
	    };
	
	    $.ajax({

	    	url: &#39;https://www.googleapis.com/moderator/v1/series?key=&#39;+key,
	    	type: &#39;POST&#39;,
	    	callback: &#39;?&#39;,
	    	data: myData,
	    	datatype: &#39;application/json&#39;,
	    	success: function() { alert(&quot;Success&quot;); },
	    	error: function() { alert(&#39;Failed!&#39;); },
	    	beforeSend: setHeader

	    });
    }
    
    function setHeader(xhr) {

      xhr.setRequestHeader(&#39;Authorization&#39;, token);
    }

    function doLogin(){	
	    if (token == &#39;&#39;){
 	       token = google.accounts.user.login(scope);
    	}else{
    	   alert(&#39;already logged&#39;);
    	}
    }


    function doCheck(){				
	    token = google.accounts.user.checkLogin(scope);
        return token;
    }
    &lt;/script&gt;
    ...
    ...
    &lt;div data-role=&quot;content&quot;&gt;
        &lt;input type=&quot;button&quot; value=&quot;Login&quot; onclick=&quot;doLogin();&quot;&gt;
    	&lt;input type=&quot;button&quot; value=&quot;Get data&quot; onclick=&quot;getModerator();&quot;&gt;
        &lt;input type=&quot;button&quot; value=&quot;Create&quot; onclick=&quot;create();&quot;&gt;
    &lt;/div&gt;&lt;!-- /content --&gt;


  [1]: http://code.google.com/apis/moderator/v1/using_rest.html#CreatingSeries

Access-Control-Allow-Origin error sending a jQuery Post to Google API&#39;s

I have a simple actionmethod, that returns some json. It runs on ajax.example.com. I need to access this from another site someothersite.com.

If I try to call it, I get the expected...:

    Origin http://someothersite.com is not allowed by Access-Control-Allow-Origin.

I know of two ways to get around this: [JSONP][1] and creating a [custom HttpHandler][2] to 
set the header.

Is there no simpler way?

Is it not possible for a simple action to either define a list of allowed origins - or simple allow everyone? Maybe an action filter?

Optimal would be...:

    return json(mydata, JsonBehaviour.IDontCareWhoAccessesMe);


  [1]: https://stackoverflow.com/questions/5968682/jquery-ajax-json-cross-domain-request-and-asp-net-mvc
  [2]: http://tpeczek.blogspot.com/2010/09/httphandler-with-cross-origin-resource.html

Content Type	Original Author	Original Content on Stackoverflow
Question	Vinay Verma	View Question on Stackoverflow
Solution 1 - Ajax	Giulio Roggero	View Answer on Stackoverflow
Solution 2 - Ajax	BlaM	View Answer on Stackoverflow
Solution 3 - Ajax	GentryRiggen	View Answer on Stackoverflow
Solution 4 - Ajax	dcsan	View Answer on Stackoverflow
Solution 5 - Ajax	Van Coding	View Answer on Stackoverflow
Solution 6 - Ajax	Pauls Bebris	View Answer on Stackoverflow

Error: Content-Type is not allowed by Access-Control-Allow-Headers

Ajax Problem Overview

Ajax Solutions

Solution 1 - Ajax

Solution 2 - Ajax

Solution 3 - Ajax

Solution 4 - Ajax

Solution 5 - Ajax

Solution 6 - Ajax

In Mustache, How to get the index of the current Section

PHP errors NOT being displayed in the browser [Ubuntu 10.10]

Attributions