I am facing an issue that I am lost my skills are bad at this and I am lost in loop not sure what to try anymore.
I have installed a CORS proxy server (https://github.com/Athlon1600/php-proxy-app) to my server here (https://www.proxy.webdesign-flash.ro/) for a radio player that loads HTTP SHOUTcast on an SSL https secure domain so I need that but I want to limit access only to my domain so calls to this script have to be only allowed from my domain.
I’ve tried to add a .htaccess with Header set Access-Control-Allow-Origin https://www.webdesign-flash.ro/ but it dose not work, I have no idea what I am doing wrong.
Any help is appreciated it.
Thank you.
Hello!
I use htaccess:
<IfModule mod_headers.c>
# Always set these headers.
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, Refresh, accept, client-security-token, Projectid"
# Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
You can add your own headers.
Thank you for this but I want to restrict access only to my domain, so calles form ajax to this script to be allowed only if the script is called from my domain, if I add the header only to my domain it does not work at all.
Header always set Access-Control-Allow-Origin https://my-domain.com
Thank you.
The domain in quotation marks? You can share htaccess file?
This is how it looks Header set Access-Control-Allow-Origin https://webdesing-flash.ro
I am willing to pay for this so please any PHP developer that can help me with this let me k now it is driving me crazy.
So basically I have a php proy cors script that I only want to be allowed to be called via ajax from my domain.
Thank you.
Make sure that you have mod_headers enabled (a2enmod headers / service apache2 restart)
Then you can use :
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "https://webdesing-flash.ro"
</IfModule>
If you want to only allow AJAX calls, you also have to filter X-Requested-With: XMLHttpRequest (I think that you need to use SetEnvIfNoCase and Order Deny, Allow). Please note that any header information can be spoofed so this is not a secure option.
Please check here, click play do not change track https://www.webdesign-flash.ro/ht/rap/start/work.html#/player1?catid=0&trackid=21
I’ve added as you asked still it dose not work on the live stream.
It did not worked for me not sure why.
I give up, wasted almost a week on this crap, I am exhausted.
Do you guys know any https shoutcast stream, I could not find any it seam that all Shoutcast streams are http.
Thank you.