CORS, or Cross-Origin-Resource-Sharing, describes a protocol for securely sharing resources between different websites. By default, web browsers do not allow web pages to access external resources via AJAX as a security measure. CORS allows websites to load external resources, if the remote server explicitly allows it via a set of headers.
This issue can also pop up if you are working locally, and you are viewing a HTML file via the file:// protocol and loading resources via the http:// protocol.
Apache mod_headers provides an easy way to implement CORS and add the appropriate headers. Of course, you may want to dynamically server the CORS headers, but this is dead-simple.
Simply add the following to a file called ‘.htaccess’, and you will be able to access the resources in that directory (and all nested directories) via other websites.
Header add Access-Control-Allow-Origin "*"
To verify the header is present, use
curl with the
-I (capital i) flag to display the headers. You should see the “Access-Control-Allow-Origin: *” header.
If this isn’t working, it may mean that a) you don’t have mod_headers loaded by Apache, or b) that you have .htaccess file overrides turned off.