CodeIgniter Forums
Access-Control-Allow-Origin from Iframe and Ion_Auth - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Access-Control-Allow-Origin from Iframe and Ion_Auth (/showthread.php?tid=46604)

Access-Control-Allow-Origin from Iframe and Ion_Auth - El Forum - 11-08-2011

[eluser]asppp[/eluser]
I have a site based on Codeigniter, with Ion_Auth as authentication library.

It has worked fine in my XAMPP server, but when I published my website online, I get an Access-Control-Allow-Origin error when I try to load my login Fancybox iframe. But the weird thing is that this error only occur sometimes.

When the error exists, I can't open the iframe at all, I get the ("XMLHttpRequest cannot load "yoursite.com/login". Origin "yoursite.com" is not allowed by Access-Control-Allow-Origin.") in my chrome console.

The login controller is not based on any AJAX at all, it's all PHP, from the Ion_Auth login example.

I don't really know what Access-Control-Allow-Origin is, but it has something to do with cross-domain calls right?

I don't understand why I get this error, because I don't make any calls from another site or domain. The iframe just loads the Login controller which is on my domain.

Edit:

Hello again, I tried to disable the CSRF protection (I'm on 2.0.1), and it worked obviously.

But I'm just so confused over the fact that even when I don't use any jQuery or javascript at all, I still get an error.

Here's my code for the login-view.

Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
&lt;html&gt;
&lt;head&gt;
&lt;title&gt;Title&lt;/title&gt;
&lt;meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /&gt;
&lt;link rel="stylesheet" href="style.css" type="text/css" media="screen" /&gt;
&lt;link rel="stylesheet" href="fonts.css" type="text/css" /&gt;
&lt;/head&gt;
&lt;body&gt;

    <div id="login">
        <h2>LOG IN</h2>
        
        <div class="form">
            &lt;form action="domain/login" method="post" accept-charset="iso-8859-1"&gt;
            <div class="hidden">
                &lt;input type="hidden" name="csrf_test_name" value="48380d171d3d7d55df5719f30bba0aa1" /&gt;
            </div>

            <h3>Email</h3><br />
            &lt;input type="text" name="email" value="" id="email"  /&gt;&lt;br />
            
            <h3>Password</h3><br />
            &lt;input type="password" name="password" value="" id="password"  /&gt;&lt;br />
                
            &lt;input type="submit" name="submit" value="Log in" class="button" /&gt;
            &lt;/form&gt;
         </div>
        
         <div class="info">
             <a id="iframe_forgot_password" href="login/forgot_password">Forgot password?</a><br />
             <a id="iframe_signup" href="login/signup">Not a member yet?</a><br />
         </div>
    </div>
&lt;/body&gt;
&lt;/html&gt;

The links are not correct, just for examples.

Why can't I log in, even when I don't use any jQuery or javascript?