0

I've just switched over a website from one host to a different host and for some reason we're getting multiple of the following errors when trying to access a third party API

Access to XMLHttpRequest at 'https://externalwebsite.com/api/' from origin 'https://www.mainwebsite.com.au' has been blocked by CORS policy: Request header field x-xsrf-token is not allowed by Access-Control-Allow-Headers in preflight response.

The .htaccess file has a CORS policy to allow these connections:

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
</IfModule>

I can see the old host has set the following cookies, which when I deleted them on my system it allowed the website to work normally:

XSRF-TOKEN 1551054855|ZxDIR_16hNnw .www.mainwebsite.com

hs 1333923782 .www.mainwebsite.com

svSession 253f275579e7747b6495ca6ff45ba024da3bd3b36906f5ac14b709de48792403faf1d3bbff2205d92d2e9a8de90d4b101e60994d53964e647acf411e4f798bcd4c6094311de4bdfbf81f1c6cdfaa3e9de1f5fc736f232b0c584f30f1f7d232d9 .www.mainwebsite.com

How can I include some PHP or Javascript to purge those cookies for anyone who loads the website so that it loads normally for those that have visited the website in the past?

Ryflex
  • 5,559
  • 25
  • 79
  • 148

1 Answers1

1

If you can give me some more info of your front end framework I will explain it more clearly.

Possible solution : on page load add script to remove cookies

$(window).load(function() {
  $.cookies.del('name_of_your_cookie');
});

This will remove cookies now just add a read cookie command and a condition that will check if cookies are old and need to be removed.

you can use document.cookie to read cookies and parse to check for key values.

Ping me in case of any query :)

Azeem Aslam
  • 554
  • 5
  • 19