With this basic Search Form when I bring up the page that has the Search Form and select Category, from the Search Form, my two choices show in the drop-down. When I select either one, and then select Sub-Category, that drop-down shows no choices (just “Sub-Category”). If I refresh the page, same result. But if I select “Submit” go to the results page, and then return to Search Form page, the Form works properly with all Categories and sub-categories available. If I refresh the page, the choices are still available. And, if I close the page, and then return, by retyping the url, no choices in sub-category again, until I submit and return. This same scenario in Chrome & IE. Any way to remedy this so, all choices are available without Submitting and returning first? Here’s the code:
I looked at the Chrome dev tools console and I see this:
MLHttpRequest cannot load https://www…com/ajax.php.
esponse to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
Origin ‘http://www…com’ is therefore not allowed access.
which, I’m guessing may be related to Search Form because of the /ajax.php reference.
Thanks for your reply.
I don’t understand “the other website needs to add a header that gives you permission to access their content”.
This is just my one domain, I don’t understand “the other website”. Can you enlighten me please?
For security reasons, AJAX requests have a “same origin” policy.
It was my understanding that “same site” requests were “whitelisted” but apparently that is incorrect.
The keyword here is “prefighted”.
According to MDN certain conditions trigger a preflight check.
a request is preflighted if:
It uses methods other than GET, HEAD or POST. Also, if POST is used to send request data with a Content-Type other than application/x-www-form-urlencoded, multipart/form-data, or text/plain, e.g. if the POST request sends an XML payload to the server using application/xml or text/xml, then the request is preflighted.
I would be more likely to use the sites URL as the origin value myself.
The origin parameter specifies a URI that may access the resource. The browser must enforce this. For requests without credentials, the server may specify “*” as a wildcard, thereby allowing any origin to access the resource.