I have run into a strange situation in a Flutter Web application. I am making a request to a PHP script which appears to give me a CORS error, but it seems that the PHP code gets executed anyway...

When I make the request, the Flutter Web app throws an exception

XMLHttpRequest error

and the Chrome developer tools network tab shows CORS error in the status column for the request.

But despite this, it seems like the script is actually executed and inserting data into the database.

Is it possible that a PHP script can execute while still giving a CORS error on the client?

CodePudding user response：

You need to check the http method in your script before executing your code :

if ($_SERVER['REQUEST_METHOD'] === 'GET') {

}

The browser make a OPTIONS request to the server to check cors, which will execute your script, and if the cors check pass, your script will be called twice, one for the OPTIONS call, and another for the GET call

CodePudding user response：

PHP does not care the least about the client-side.
A CORS error is always a content embedding error.

eg. an API client which doesn't embed anything in a browser, isn't affected at all.

PHP needs to send proper headers for preflight OPTIONS requests. Sending wildcard Access-Control-Allow-Origin: "*" defeats the idea. When it's required to permit * or localhost it's suggested to exchange custom headers, in order to narrow down the access scope.