[eluser]asppp[/eluser]
I have a site based on Codeigniter, with Ion_Auth as authentication library.
It has worked fine in my XAMPP server, but when I published my website online, I get an Access-Control-Allow-Origin error when I try to load my login Fancybox iframe. But the weird thing is that this error only occur sometimes.
When the error exists, I can't open the iframe at all, I get the ("XMLHttpRequest cannot load "yoursite.com/login". Origin "yoursite.com" is not allowed by Access-Control-Allow-Origin.") in my chrome console.
The login controller is not based on any AJAX at all, it's all PHP, from the Ion_Auth login example.
I don't really know what Access-Control-Allow-Origin is, but it has something to do with cross-domain calls right?
I don't understand why I get this error, because I don't make any calls from another site or domain. The iframe just loads the Login controller which is on my domain.
Edit:
Hello again, I tried to disable the CSRF protection (I'm on 2.0.1), and it worked obviously.
But I'm just so confused over the fact that even when I don't use any jQuery or javascript at all, I still get an error.
Here's my code for the login-view.
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Title</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" href="style.css" type="text/css" media="screen" />
<link rel="stylesheet" href="fonts.css" type="text/css" />
</head>
<body>
<div id="login">
<h2>LOG IN</h2>
<div class="form">
<form action="domain/login" method="post" accept-charset="iso-8859-1">
<div class="hidden">
<input type="hidden" name="csrf_test_name" value="48380d171d3d7d55df5719f30bba0aa1" />
</div>
<h3>Email</h3><br />
<input type="text" name="email" value="" id="email" /><br />
<h3>Password</h3><br />
<input type="password" name="password" value="" id="password" /><br />
<input type="submit" name="submit" value="Log in" class="button" />
</form>
</div>
<div class="info">
<a id="iframe_forgot_password" href="login/forgot_password">Forgot password?</a><br />
<a id="iframe_signup" href="login/signup">Not a member yet?</a><br />
</div>
</div>
</body>
</html>
The links are not correct, just for examples.
Why can't I log in, even when I don't use any jQuery or javascript?