Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
193 views
in Technique[技术] by (71.8m points)

php - CORS: header is present but "if" statement negates the header

I'm working on a pretty simple application.

Here's the overview:

I've got a web form where the URL contains a variable. I'm grabbing the value of that variable and sending it to my web server (it's hosted on another domain) through an AJAX call. Once retrieved, the variable is ran against a SQL DB, if a match is found, I send that data back to my web form to do something with.

I've got the CORS headers defined and set to only accept data from the origin source where my form resides. Thus far it's all worked fine.

Here's the PHP code that is working:

<?php
    // CORS headers to allow traffic from the form to run here
    header('Access-Control-Allow-Origin: https:mydomain.com');
    header('Content-Type: application/json');

    //Retrieve the value passed from the Ajax script
    $finderID = $_REQUEST['Finder'];    

    //SQL Statement to connect, retrieve and parse out the data as JSON
    $conn = new mysqli("localhost", "db_uname", "db_pswd", "db_table");
    $result = $conn->query("SELECT * FROM onlineFinderLookup WHERE printID = $finderID");
    $outp = array();
    $outp = $result->fetch_all(MYSQLI_ASSOC);         
        
    echo json_encode($outp);

?>

Now, I'd like to be able enforce some validation around the value of that variable. I want to know if it's numeric and greater than 0. IF so, then connect to the DB and get my data.

I've attempted to do that this way:

<?php
    // CORS headers to allow traffic from the form to run here
    header('Access-Control-Allow-Origin: https:mydomain.com');
    header('Content-Type: application/json');

    //Retrieve the value passed from the Ajax script
    $finderID = $_REQUEST['Finder'];   

    if ($finderID >= 0 && is_numeric($finderID) {

        //SQL Statement to connect, retrieve and parse out the data as JSON
        $conn = new mysqli("localhost", "db_uname", "db_pswd", "db_table");
        $result = $conn->query("SELECT * FROM onlineFinderLookup WHERE printID = $finderID");
        $outp = array();
        $outp = $result->fetch_all(MYSQLI_ASSOC);         
        
        echo json_encode($outp);
    }
    else {

    }

?>

When I run the code with an IF statement in it, my console throws me a CORS error and says the header isn't defined. Any idea why?

Also, would be curious if this seems like a secure way to be gathering data from my DB or if I'm way out in left field with this.

Thanks!

UPDATE: Including console error

Access to XMLHttpRequest at 'webserver' from origin 'webform' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

question from:https://stackoverflow.com/questions/65834286/cors-header-is-present-but-if-statement-negates-the-header

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

You missed a ) at the end of the IF sentence. The correct way is:

if ($finderID >= 0 && is_numeric($finderID)) {

If the server throws an exception, that causes the headers not sent properly, and then get blocked by the browser


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...