CORES problem?


I have a website that runs javascript in a browser on my free amazon EC2 server.

The Javascript in the browser makes php calls to the amazon ec2 server, causing the php script to fetch data from another server, passing it back to the javascript in the browser.

for example the javascript in the browser would call the php code on the server like this

This would make the php code fetch file.mp4 from and pass it to the javascript running browser.

All that works fine.

Now i decide to assign a nice domain to the amazon ec2 and run that domain through cloudflare for security.

So i buy a new domain called myDomain from go daddy and assign that to the amazon ec2 server.

Then run through a free cloudflare account for security reasons.

So the javascript in the browser would now call

This should do the same thing as before, except go through cloudflare to amazon ec2, and then to the php script which would fetch the file.mp4 from and pass it back through cloud flare to the browser.

But now for some reason the browser crashes when the javascipt make the call to the php giving an uncaught security error saying that cross-origin data may not be loaded

Actually it crashes when im fetching a streamed video which works when i dont use cloudflare.

Anybody knows what is the problem and how to fix??



You may forget to change URL for some requests from to

If JavaScript comes from it should work. Otherwise you need to set Access-Control-Allow-Origin header for


Hello Xaq,

Thanks for the suggestion, but all the requests are generated from a single place in the javascript, so there is no chance of some requests going to the old URL.

Yes Javascript comes from, so im confused why it dont work.

Any other suggestions?


No more Idea unless we know what is the domain and check it. You can do that yourself, check network tab of browser dev tools.


Hello Xaq,

How do i set Access-Control-Allow-Origin header for my domain?



You need to set that header where the php code is hosted (via php or .htaccess).


Do you mean something like

<?php ..... header('host :'); ..... ?>
1 Like

Hello Xaq,

Thanks for the help, i added that to my php script, it seems to work for a while (it used to crash right away). Now it works for a while, maybe i play a few videos, then it randomly crashes with the same error. Here is the error…

exception thrown: SecurityError: Failed to execute ‘texImage2D’ on ‘WebGL2RenderingContext’: The video element contains cross-origin data, and may not be loaded.,Error: Failed to execute ‘texImage2D’ on ‘WebGL2RenderingContext’: The video element contains cross-origin data, and may not be loaded.
at _WebGLMovieTextureUpdate

Thanks for any suggestions, im so desperate!


Seems you need to add more origins. Without knowing the domain you are on your own to find that. You can test following code to make sure problem is what we are talking about:

header('Access-Control-Allow-Origin: *');

Remember above code should be replaced with origins you know, otherwise this can be used to run malicious code by hackers. Also check this answer on SoF, You may fix the issue without setting header to * with that.

closed #11

This topic was automatically closed after 31 days. New replies are no longer allowed.