Login

iot · 01-18-2021, 12:39 AM

Hello,

Thank your for reading my post. I would like to ask a question. I used Codeigniter 4. I used below code in my controller:

PHP Code:
public function __construct()
 {
     header("Access-Control-Allow-Origin: myhostname.com");
} 

However, it still be accessible from other sites via Ajax?
Could you please tell me how can I limit access to myhostname.com only?

**InsiteFX** · 01-18-2021, 03:18 AM

Also you should specify the url as "https://www.my.com"

Limiting the possible Access-Control-Allow-Origin values to a set of allowed origins requires code on the server side to check the value of the Origin request header, compare that to a list of allowed origins, and then if the Origin value is in the list, to set the Access-Control-Allow-Origin value to the same value as the Origin value.

What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009. ( Skype: insitfx )

iot · 01-18-2021, 04:38 PM

(01-18-2021, 03:18 AM)InsiteFX Wrote: Also you should specify the url as "https://www.my.com"

Limiting the possible Access-Control-Allow-Origin values to a set of allowed origins requires code on the server side to check the value of the Origin request header, compare that to a list of allowed origins, and then if the Origin value is in the list, to set the Access-Control-Allow-Origin value to the same value as the Origin value.

Dear InsiteFX,

Thank you for your response. I think when we specify the header, the web server should do the check. if we have to write the php code in controller to check it, why we need that header ?

**InsiteFX** · 01-18-2021, 09:46 PM

You can read all about CORS here on MDN.

Cross-Origin Resource Sharing (CORS)

What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009. ( Skype: insitfx )

tgix · 01-19-2021, 10:57 PM

Also note that AJAX CORS-checks are made using OPTIONS Method so you need to route that accordingly in CI.

iot · 01-19-2021, 11:22 PM

Thank you all