Buenas, tengo un problema de cross domain en una app que estos haciendo con api en PHP.
El tema es que he hecho varias y en todas funciona y en esta no.
Para crear el Response hago esto:
Código PHP:
header('Content-Type: application/json');
header("Access-Control-Allow-Origin: *");
header('Access-Control-Allow-Credentials', 'true');
header("Access-Control-Allow-Headers: X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method, Authorization");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE");
header("Allow: GET, POST, OPTIONS, PUT, DELETE");
// return $response;
echo($response);
Y la respuesta que recibo, según google chrome, es esta:
Código:
Access to fetch at 'https://xxx.xxxxxx.com/xxxxx/api/client' from origin 'http://localhost:5500' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled
La cabeceras de la respuesta es:
Código:
HTTP/1.1 403 Forbidden
Date: Mon, 22 Aug 2022 07:22:23 GMT
Server: Apache
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Length: 199
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Si este mismo script lo corro en local no hay ningún problema.
Saludos