php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77802 PHP website CORS problem
Submitted: 2019-03-27 05:02 UTC Modified: 2021-07-30 12:17 UTC
Votes:4
Avg. Score:4.5 ± 0.9
Reproduced:3 of 3 (100.0%)
Same Version:1 (33.3%)
Same OS:1 (33.3%)
From: tietew at gmail dot com Assigned: cmb (profile)
Status: Closed Package: Website problem
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: tietew at gmail dot com
New email:
PHP Version: OS:

 

 [2019-03-27 05:02 UTC] tietew at gmail dot com
Description:
------------
---
From manual page: hhttps://www.php.net/manual/en/index.php
---
Chrome 73 reported following error in dev console and incremental search does not work.

Access to XMLHttpRequest at 'https://php.net/js/search-index.php?lang=en' from origin 'https://www.php.net' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

php.net is now redirected to www.php.net, but Ajax request is still sent to php.net.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2019-03-27 08:15 UTC] salathe@php.net
-Summary: PHP manual CORS problem +Summary: PHP website CORS problem -Type: Documentation Problem +Type: Bug -Assigned To: +Assigned To: derick
 [2019-03-27 08:15 UTC] salathe@php.net
Assigning to Derick since he has been leading the recent changes for the website.
 [2019-04-24 08:57 UTC] tietew at gmail dot com
Once problem was solved. But now, a different error occurs.

Access to XMLHttpRequest at 'https://www.php.net/js/search-index.php?lang=en' from origin 'https://php.net' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header has a value 'http://php.net' that is not equal to the supplied origin.
 [2019-04-29 18:06 UTC] php4fan at gmail dot com
Apparently this had been fixed, but now it's back the other way around.

The home page https://php.net/ does NOT redirect to https://www.php.net (it should). So, the autocomplete for the search box works for most pages, but not for the home page at https://php.net/ because it does the request to https://www.php.net/

The solution is three-fold (I think any of these alone would fix the issue, but ALL three should be done):

1. Have https://php.net/ redirect to https://www.php.net and make sure there are no other pages besides the index that forget to redirect.
2. Instead of loading from "https://www.php.net/whatever", load from "/whatever"
3. Set up your CORS policy properly. Both php.net and www.php.net should list both php.net and www.php.net as allowed origins.
 [2019-04-29 18:12 UTC] php4fan at gmail dot com
> The home page https://php.net/ does NOT redirect to https://www.php.net

Actually, it's worse than that.
There's NO REDIRECT WHATSOEVER.

No php.net page redirects to its www.php.net counterpart. It's just all the links within the page point to www., so if you follow one link you will be in the right place. But you can access any page without the www and you won't be redirected, but it will be broken.

Quite pathetic.
 [2021-07-30 11:39 UTC] cmb@php.net
-Status: Assigned +Status: Feedback -Assigned To: derick +Assigned To: cmb
 [2021-07-30 11:39 UTC] cmb@php.net
Is that still an issue?
 [2021-07-30 12:11 UTC] tietew at gmail dot com
It seems to be fixed.
 [2021-07-30 12:17 UTC] cmb@php.net
-Status: Feedback +Status: Closed
 [2021-07-30 12:17 UTC] cmb@php.net
Thanks for the swift reply!
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 11:01:28 2024 UTC