How to use Access-Control-Allow-Origin: https://www.example.com?

Question

I want to make HTTPS calls from an HTTP webpage. I hope to solve this problem with Access-Control-Allow-Origin. How can I use it?

Answer 1

On the HTTPS page (that you are requesting from the HTTP page) set the header:

Access-Control-Allow-Origin: http://www.example.com

You can do this in PHP with:

<?php
    header("Access-Control-Allow-Origin: http://www.requesting-page.com");
?>

Alternatively if that doesn't work, you could create a file on your HTTP server (where the request is coming from) that downloads and displays the contents, this can be done in PHP with:

<?php
    echo  file_get_contents("https://www.requested-page.com");
?>

I would not advise doing this as it requires extra bandwidth and isn't good practice, it should only be used if you can't do the first option. Furthermore, if a developer has set the access control to be restricted it's probably for a reason.

Answer 2

You can't, really. It's the browser preventing it. Security reasons. You can look into cURL. Read this posting: https-request-via-ajax-from-http-page