问题
Alrighty, I've been beating my head against this one for a few days and after extensive Googling (there's a lot of purple links when I search anything regarding this now) I'm pretty much stumped. The form works both from our domain and the AMP one, so maybe I should just get over it and let it be. At the same time though, I want it to be correct so hopefully someone can help me out here.
I have read the AMP CORS documentation a few times and everything seems all good to me.
On form submission, all of our forms return the error below. Visually the URL's appear the same. I've pasted them into a plain text editor and all seems good there too.
As a result of this error our forms technically throw an error message on submit. We have just flipped the messages around for now so an error pops up as a success, which is probably not the greatest as if it should properly succeed it will throw an error message.
We are running the headers out of our htaccess file, code below for that.
<IfModule mod_headers.c>
Header set Access-Control-Allow-Credentials "true"
#Header set Access-Control-Allow-Origin "static.craigmanufacturing.com"
#Header set Access-Control-Allow-Origin "https://www-craigattachments-com.cdn.ampproject.org"
#Header set Access-Control-Allow-Origin "https://www-craigattachments-com.amp.cloudflare.com"
SetEnvIf Origin "https://(static.craigmanufacturing.com|www-craigattachments-com.cdn.ampproject.org|www-craigattachments-com.amp.cloudflare.com|https://cdn.ampproject.org)$" AccessControlAllowOrigin=$0$1
Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header set Access-Control-Allow-Credentials "true"
Header set Access-Control-Allow-Source-Origin "https://www.craigattachments.com"
Header set Access-Control-Expose-Headers AMP-Access-Control-Allow-Source-Origin
Header set AMP-Access-Control-Allow-Source-Origin "https://www.craigattachments.com"
</IfModule>
Anyone have any thoughts on why we may be getting this error that I may be missing? You can try out our contact form here: https://www.craigattachments.com/contact-us - all messages go to an inbox that only I have access to so no worries on hitting it.
I will happily provide more details on this if required as I'm sure I may have forgotten to include some crucial detail as my brain is mush about this issue at this point.
Edit: here's the PHP (stripped down a bit of my details and the HTML) behind sending the form as well. Doubled up on headers in here because otherwise it seems to throw a JSON syntax error, even though after testing the error above is coming from the htaccess file. I have also tried stripping the headers from htaccess and including them in the PHP only.
<?php
header("Access-Control-Allow-Headers:Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token");
header("Access-Control-Allow-Methods:POST, GET, OPTIONS");
header("Access-Control-Allow-Origin:".$_SERVER['HTTP_ORIGIN']);
header("Access-Control-Expose-Headers:AMP-Access-Control-Allow-Source-Origin");
//header("AMP-Access-Control-Allow-Source-Origin:https://".$_SERVER['HTTP_HOST']);
//header("AMP-Access-Control-Allow-Srouce-Origin:https://www.craigattachments.com");
header("AMP-Access-Control-Allow-Source-Origin:".$_REQUEST['__amp_source_origin']);
header("Content-Type: application/json");
error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED ^ E_STRICT);
set_include_path("." . PATH_SEPARATOR . ($UserDir = dirname($_SERVER['DOCUMENT_ROOT'])) . "/pear/share/pear" . PATH_SEPARATOR . get_include_path());
require_once "Mail.php";
require_once "Mail/mime.php";
$host = "###";
$username = "###";
$password = "###";
$port = "###";
$to = "###";
$email_from = "###";
$email_name = $_POST['fullname'];
$email_subject = $_POST['subject'];
$email_body = $_POST['message'];
$email_address = $_POST['sender_email'];
?>
<?php
$html_email = '';
$crlf = "\n";
echo json_encode(array($email_subject, $email_address, $html_email, $email_name));
$headers = array ('From' => $email_name . "<" . $email_from . ">", 'To' => $to, 'Subject' => $email_subject, 'Reply-To' => $email_address);
$smtp = Mail::factory('smtp', array ('host' => $host, 'port' => $port, 'auth' => true, 'username' => $username, 'password' => $password));
$mime = new Mail_mime($crlf);
$mime->setHTMLBody($html_email);
$html_email = $mime->get();
$headers = $mime->headers($headers);
list($user,$domain) = explode('@', $email_address);
$mail = $smtp->send($to, $headers, $html_email);
?>
Edit2: I updated my code to include my commented out other attempts.
回答1:
This header allows the specified source-origin to read the authorization response. The source-origin is the value specified and verified in the "__amp_source_origin" URL parameter (for example, "https://publisher1.com").
The value needs to be an allowed origin, not a comma-separated list of allowed origins which is what you are providing.
来源:https://stackoverflow.com/questions/56291275/amp-access-control-allow-source-origin-is-not-equal-to-the-current