CORS enabled in Apache, but AJAX not working (chrome says origin not allowed)
As Dahazer's link points out, the best bet is set a single Access-Control-Allow-Origin header. It's definitely not appropriate for production, but you could just echo back the Origin header whilst your in dev mode.
If you still have a problem, it's likely you're not setting quite enough CORS headers in the response. In my experience of doing cross domain ajax in chrome, (not using jquery mind), I've also needed to set the following header:
Access-Control-Allow-Headers : X-Requested-With,Content-TypeGiven I was using HTTP methods other than POST and GET it was also necessary for me to set
Access-Control-Allow-Methods : GET,PUT,POST,DELETEHowever, above all I'd recommend reading the html5 CORS tutorial, particularly the CORS on the server section. It should give you a good idea of the different ways to configure CORS, be it on the server or the client ( in your case jquery's ajax config options), based on your specific use case.
I had this issue recently. I had set Access-Control-Allow-Origin to * in Apache. However, Chrome was still blocking my cross-domain requests, while it worked fine in Firefox.
The solution that worked for me was to add a Access-Control-Allow-Methods header with value OPTIONS, GET, POST. Posting this here, in case anybody has the same issue in future and none of the other solutions work.
Could you try this please?
To Gemfile
gem "rack-cors", "~> 0.2.7"To config/application.rb
config.middleware.use Rack::Cors do |requests| requests.allow do |allow| allow.origins '*' allow.resource '*', headers: :any, methods: [:get, :post, :put, :delete, :options] endendDon't forget the restart server. Then it should be work.