If a call to our REST API fails with an error message such as “Cross-origin request blocked: The same origin policy does not allow reading of remote resources”, “Reason: CORS header ‘Access-Control-Allow-Origin’ missing” or “(Reason: CORS request failed)”, the most likely cause is that our server-side REST responses do not carry the headers that allow them to be used from different origins.
If our server runs PHP, we need to add the following header to the code that answers the call (a file or a function, depending on the framework we use).
header('Access-Control-Allow-Origin: *');
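With this header, we allow access to our API from any origin (publicly). Browsers refuse to combine the wildcard with credentialed requests (Access-Control-Allow-Credentials: true), so an API that relies on cookies, or that should only be called by known front ends, needs to return a specific allowed origin instead of *.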
Other useful headers for PHP are:
header('Content-type: application/json');
Indicates that the response is in JSON format.
header('Access-Control-Allow-Headers: Content-Type, X-AUTH');
Lists the request headers that cross-origin callers are allowed to send, here Content-Type and the custom X-AUTH header.
header('Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT');
Lists the HTTP methods that cross-origin requests may use on this endpoint (you can choose one or several).
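The headers above combined into one endpoint, as an added example that is not part of the original post: it replaces the wildcard with an origin allowlist and answers the browser's preflight OPTIONS request. The two origins and the function name corsHeaders are hypothetical placeholders.

```php
<?php
// Added example: allowlist-based CORS instead of "Access-Control-Allow-Origin: *".
// Hypothetical origins; replace them with the front ends that may call this API.
const ALLOWED_ORIGINS = [
    'https://app.example.com',
    'https://admin.example.com',
];

/**
 * Build the CORS response headers for the Origin sent by the browser.
 * For a missing or unlisted origin only "Vary: Origin" is returned,
 * so the browser keeps blocking the cross-origin read.
 */
function corsHeaders(?string $origin): array
{
    // The response differs per caller, so caches must key on Origin.
    $headers = ['Vary: Origin'];

    // Exact, case-sensitive match: no substring or regex comparison,
    // which is where allowlist bypasses usually come from.
    if ($origin === null || !in_array($origin, ALLOWED_ORIGINS, true)) {
        return $headers;
    }

    // Echo back only an origin that was found on the allowlist.
    $headers[] = 'Access-Control-Allow-Origin: ' . $origin;
    $headers[] = 'Access-Control-Allow-Headers: Content-Type, X-AUTH';
    $headers[] = 'Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT';
    return $headers;
}

foreach (corsHeaders($_SERVER['HTTP_ORIGIN'] ?? null) as $line) {
    header($line);
}

// Preflight: the browser sends OPTIONS before a request that carries custom
// headers (such as X-AUTH) or a non-simple method. Reply with headers only.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'OPTIONS') {
    http_response_code(204);
    exit;
}

header('Content-Type: application/json');
echo json_encode(['status' => 'ok']);
```

CORS only controls what a browser lets a page read; the endpoint still has to validate X-AUTH itself, because non-browser clients ignore these headers.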