

same origin policy error when creating map

javascript,same-origin-policy
I tried running the code below that creates a map using OpenLayers. The code is an example from the GeoServer Beginner's Guide. The code creates a map and adds a couple of layers to it. The client-side code (below) is loaded from the local filesystem and the layer data is...

how can I access iframe.contentDocument to get response after cross-origin request?

javascript,iframe,cross-domain,same-origin-policy,allow-same-origin
I'm successfully sending a file from localhost:8888 to localhost:8080 (different domain in production), but I can't read the HTTP response after the transfer finishes. Uncaught SecurityError: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "http://localhost:8888" from accessing a frame with origin "http://localhost:8080". The frame requesting...

Can an iframe release itself from allow-same-origin?

javascript,iframe,same-origin-policy
If Site A has an iframe of Site B, and the two sites are on different domains, can Site B know (via js or something) if it's in an iframe with the allow-same-origin attribute and thwart it? I need to reassure the administrators of site B that their site is...

Why does CORS allow sending data to any server?

javascript,cross-domain,cors,same-origin-policy
I spent some time to understand how Cross-Origin-Resource-Sharing works, and I cannot believe how this could be designed so insecurely. When a website hosted on foo.com wants to request a resource which is stored at bar.com via ajax, the browser asks bar.com if the request is allowed. Only if bar.com...

Server-side requests and XmlHTTPRequest (client-side) and security

javascript,security,xmlhttprequest,cross-domain,same-origin-policy
I was wondering about the following: When I make an XmlHTTPrequest to an external source outside my domain it will fail when there is a conflict with the same-origin-policy. This is due to security reasons. The code I wrote will be executed on a client's PC, which has restrictions. However...

Can different subdomains of the same app prevent malicious attack like XSS?

security,xss,same-origin-policy
In my Rails app I have 2 subdomains. One: members.myapp.com, which is the area shared between all members (where they can log in and manage their accounts). Two: each member has its own website on a subdomain like this: member1.myapp.com, member2.myapp.com, member3.myapp.com etc... Let's imagine that user1.myapp.com run...

How to bypass Cross origin policy [duplicate]

javascript,php,same-origin-policy
This question already has an answer here: Ways to circumvent the same-origin policy 11 answers Mobile app where it needs to get access to a JSON file in another server. And it's showing cross origin policy blocked. So is there any way to bypass or have the access to...

Iframes and Same-Origin-Policy and reverse proxy hack

html,security,iframe,same-origin-policy
I have been reading up on Iframes with different domains than the parent document and I am slightly confused. I understand that if the Iframe is from the same domain as its parent document, the parent document can access the iframe's document. It seems like I could circumvent this with...