FAQ Database Discussion Community


Server-side requests and XmlHTTPRequest (client-side) and security

javascript,security,xmlhttprequest,cross-domain,same-origin-policy
I was wondering about the following: When I make an XmlHTTPrequest to a external source outside my domain it will fail when there is a conflict with the same-origin-policy. This is due to security reasons. The code I wrote will be executed on a client's PC, which has restrictions. However...

External web font via redirect

css,redirect,cross-domain,webfonts
When trying to use a font file from another domain on a web page, I ran into the restrictions of the Cross Origin Resource Policy in all its glory. So, instead of referencing the external font URL directly from CSS with @font-face, I referenced a local URL path which redirects...

Consuming WebService in Cross Domain

javascript,jquery,web-services,cross-domain
It should be very simple. I have read a lot of posts about consuming web service cross domain and the use of JSONP, but there is something I am missing. If I call the following URL in the WebBrowser, I can get my result: http://benfaniz.com.br/WebService.asmx/AAA_Buscar_Nome_Condominio?callback=? To consume it using jQuery,...

Unique session issue with Access-Control-Allow-Origin

php,ajax,session,cross-domain,access-control
When I am trying to access data using cross Domain request (from multiple domains). I have added the following codes in php file at back end. header("Access-Control-Allow-Origin: *"); Every time a new session is generated for each request, because of which large number of session files pile up on server....

Handling cross domain preflight AJAX OPTIONS requests with Spring MVC 4

ajax,spring-mvc,cross-domain,preflight,http-options-method
This is probably a simple answer, but I can't seem to get it to work. In a cross-domain, preflight AJAX request, the client first makes an OPTIONS request just get a set of headers back to figure out what the remote server accepts. Right now, for every Spring controller POST...

XMLHttpRequest to Restivus API

javascript,meteor,xmlhttprequest,cross-domain,cors
I have got a problem when sending a cross domain XMLHttpRequest to a Restivus API. Here my code for the client side script: var xhrurl = 'http://example.com:3000/api/test'; var xhr = createCORSRequest('POST', xhrurl); xhr.withCredentials = true; xhr.setRequestHeader("Content-type","application/json"); xhr.setRequestHeader("X-User-Id",object.apiUser); xhr.setRequestHeader("X-Auth-Token",object.apiKey); xhr.send(); Here the function createCORSRequest function createCORSRequest(method, url) { var xhr =...

Getting Microsoft.AspNet.WebApi.Cors version issue in WebAPI

.net,asp.net-mvc,web-services,asp.net-web-api,cross-domain
I have installed Microsoft.AspNet.WebApi.Cors package using Install-Package Microsoft.AspNet.WebApi.Cors in my WebApi project(.net framework 4.5.2) and now I'm getting below error while compiling the project. Reference: http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api Assembly 'System.Web.Http.Cors, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' uses 'System.Web.Http, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' which has a higher version than referenced...

How to set WebSocket Origin Header from Javascript?

javascript,websocket,cross-domain
I'm trying to use javascript to make a websocket request from a local test.dev page to a server running at ip 123.123.123.123 on behalf of test.com. The request goes through, but the 123.123.123.123 server sees the Origin: test.dev header in the websocket request and rejects the connection because it wants...

Ext.Ajax Cross-Domain post request

ajax,post,extjs,request,cross-domain
I'm testing ExtJS v.5.1.0.107 and I my goal is that to perform a post ajax request on a different server. I've found some similar discussions but nothing seems to work for my scenario. Here's request code: Ext.Ajax.request({ url: 'http://192.168.1.60/test.php', method: 'POST', cors: true, useDefaultXhrHeader : false, params : { myPar1...

How to use cross domain requests using json with disable web security?

ajax,json,asp.net-mvc,cross-domain,jsonp
I have the below scripts that make a REST / WCF WEBGET call to return a payload. It works perfectly fine when both AppServer and Web Server in the same domain. UI Javascript: model.Source = new kendo.data.DataSource({ serverFiltering: true, pageSize: 5, type: 'GET', transport: { serverFiltering: true, serverPaging: true, serverGrouping:...

Load image using crossOrigin attr. in Firefox addon sdk

javascript,firefox,firefox-addon,cross-domain,firefox-addon-sdk
In content script in Firefox addon SDK I'm loading image like this way: var img = new Image(); img.crossOrigin = "Anonymous"; img.src = URL; img.onload = function (data) { var canvas = document.createElement("canvas"); canvas.width =this.width; canvas.height =this.height; var ctx = canvas.getContext("2d"); ctx.drawImage(this, 0, 0); var dataURL = canvas.toDataURL("image/jpeg"); callback.call(this,dataURL); }...

Parsing html table from different domain [closed]

javascript,jquery,html,dom,cross-domain
i'm making an iOS app for showing schedule for my college. I'm kinda new in javascript, i thought it's simple until now. I know this task may be simple and trivial, but listen: My application generates link with parameters and then creates a dynamic page with an iframe and opens...

Why does CORS allow sending data to any server?

javascript,cross-domain,cors,same-origin-policy
I spend some time to understand how Cross-Origin-Resource-Sharing works, and I cannot believe how this could be designed so insecure. When a website hosted on foo.com wants to request a resource which is stored at bar.com via ajax, the browser asks bar.com if the request is allowed. Only if bar.com...

How can I serve crossdomain.xml file on a specific port?

actionscript-3,sockets,flash,cross-domain,port
Let me introduce my problem step by step: I was using a socket connection on the address www.mydomain.com:1925 to provide a chat service for my users. When I moved to cloudflare, I could not connect to port 1925 directly because of the fact that my requests were reaching my origin...

how can I access iframe.contentDocument to get response after cross-origin request?

javascript,iframe,cross-domain,same-origin-policy,allow-same-origin
I'm successfully sending a file from localhost:8888 to localhost:8080 (different domain in production), but I can't read the HTTP response after the transfer finishes. Uncaught SecurityError: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "http://localhost:8888" from accessing a frame with origin "http://localhost:8080". The frame requesting...

Javascript limited by client-side and access-control-allow-origin

javascript,cross-domain
Basically I have found a way without exit (I am sure there has to be a way) to request a file using JS. As you know, you cannot request files from a server (e.g. a shared file in google drive) because the access-control-allow-origin security issue. On the other hand, you...

local AJAX-call to remote site works in Safari but not in other browsers

javascript,jquery,ajax,cross-browser,cross-domain
I am maintaining a website that uses Javascript. The script uses jQuery and loads some content from the server at which the site is normally hosted. Just for convenience while maintaining the site, I run a local copy of the site on my iMac. This works perfectly fine when I...

Angular cross-domain post: fails using some browsers

javascript,angularjs,post,cross-domain
I have a cross-domain POST request in Angular (1.4.0), which works using Chrome (43+) and Firefox (37+) after I remove the Content-Type header. But it fails when using Safari, or Safari/Chrome on the iPhone/iPad. The error message then is: Failed to load resource: Request header field Content-Type is not allowed...

Failed to call CORS web service from jquery and plain javascript

javascript,jquery,ajax,cross-domain,cors
I am trying to access a public web service provided by USGS. According to the web page, they support CORS, and even provided a JQuery example (one thing worth to mention is that the example sets no header), but I tried everything and so far have no luck. There are...

Send analytic data to different domain without response

javascript,jquery,google-analytics,cross-domain,analytics
Precondition I own mysite.com I do not own othersite.com, but I can embed javascript code there Question How to send analytic data from othersite.com to mysite.com ? Expected : othersite.com client -> mysite.com server Not expected : othersite.com client -> othersite.com server -> mysite.com server Its principle seems like to...

Ajax request between subdomains with different ftp

php,ajax,linux,file-upload,cross-domain
I have 2 subdomains,which are hosted on same server. Each have separate ftp login. How can i make ajax request from one subdomain to another. My ultimate aim is to upload image from one subdomain to another. Thanks in advance....

Firebase twitter authentication and cross-site scription

javascript,cross-domain,firebase,firebase-security
I have implemented "twitter authentication" on my firebase app. as described here: https://www.firebase.com/docs/web/guide/login/twitter.html It works very well. Once the user is logged in, he is also able to send some requests to my domain by using XMLHttpRequest. when I send the XMLHttpRequest's payload I tend to pass the "username" via...

Get image data from another domain with AJAX request

javascript,ajax,cross-domain,typescript
I am trying to get binary data of an image from another domain with an AJAX request. I tried various methods, but there was no working solution. I found some code on the internet that looked good, but even with this calls I get errors. What do I wrong? Is...

Detecting applicationCache viability of remote resource

javascript,cross-domain,offline-caching,application-cache
I am trying to determine if cache (as obtained via applicationCache and HTML5 cache-manifest) is available located on a different domain (local file system vs WWW). The cache-checking resource (a gateway mechanism, if you will) is located on the local filesystem and is loaded via a webview. This is a...

Show content depending on domain using jQuery javascript

javascript,jquery,cross-domain,subdomain,business-catalyst
HI Guys I have a site that carries 2 domains one is .com and the other is a .us I am trying to get it to show a flag for the country domain chosen so if it is clicked on a link to direct to a .us I wanted to...

AJAX call following 302 redirect sets origin to null

ajax,http,redirect,cross-domain,cors
I'm doing an ajax call From domain A to domain B. My domain B checks if A is in the list of allowed domains and sets the Access-Control-allow-Origin to domain A. So far, so good. Domain B responds to the request by sending a 302 redirect to domain C using...

Cross domain file upload with jQuery

javascript,jquery,ajax,cross-domain
My code is working fine for same domain. But when I try it on cross domain with dataType: 'jsonp' & crossDomain: true Code sample - var fa = new FormData(); fa.append("upload_pass", document.getElementById("upload_pass").files['0']); $.ajax({ url: 'http://xxx.xx.xx.xx/upload.php', data: fa, contentType: false, processData: false, dataType: 'jsonp', crossDomain: true, type: 'GET', success: function(data) {...

Internet not accessible from ripple emulator

cross-domain,visual-studio-cordova,ripple
I created a VS Cordova project, and need to download some data from a web service, but Ripple runs inside Chrome, and Chrome considers that request "cross-domain" and blocks it. Setting ripple proxy option to disabled/local/remote has no effect. I can start another instance of Chrome with --web-security-disabled command line...

jquery not loading in a script from another domain

javascript,jquery,cross-domain
I have the problem that I want to load a Javascript on a website from another website and use jQuery there. But it seems jQuery is never available. I tried all the things in this post: Test if jquery is loaded not using the document ready event. Is it maybe...

PHP Vs JQuery Web api2

php,security,web,asp.net-web-api,cross-domain
Well, the title is really bad here, but I had no other way to explain what is happing my server. I have a normal web api2, new. I installed cross domain and only putted config.EnableCors(); on webapiconfig. I have a MailController Which contains this method : [HttpPost]//omUrl/{url?} [Route(@"~/api/Mail/MailOpen")] public void...

Is there a way around Access-Control-Allow-Origin?

javascript,jquery,api,cross-domain
I'm using an API from JIRA to get some information on bugs. Here's an example of the JQuery I'm using to get it: var endpoint = 'https://jira.cyanogenmod.org/rest/api/latest/issue/CYAN-2631'; $.get(endpoint, function(data) { do_stuff(data, data['fields']['project']['self']); }); And, I'm getting the ever-terrible Access-Control-Allow-Origin error. It looks like this: XMLHttpRequest cannot load https://jira.cyanogenmod.org/rest/api/latest/issue/CYAN-2631. No 'Access-Control-Allow-Origin'...

Google Analytics Cross Domain with CoreCommerce

google-analytics,cross-domain
I would like to setup cross domain tracking. Google says the code on the the first domain should look like this. ga('create', 'UA-XXXXXXX-Y', 'auto', {'allowLinker': true}); ga('require', 'linker'); ga('linker:autoLink', ['example-2.com'] ); For example-2.com, my URL looks like this: https://www15.corecommerce.com/~mystore897/checkout.php?m=fastcheckout Should my code look like this now? ga('create', 'UA-XXXXXXX-Y', 'auto', {'allowLinker':...

No 'Access-Control-Allow-Origin' header is present on Orion Context Broker

cross-domain,fiware-orion
How to setup Access-Control-Allow-Origin to allow cross domain ajax requests on Orion Context Broker ver.0.15.0 My JS script function capture_sensor_data(){ var contentTypeRequest = $.ajax({ url: 'http://x.x.x.x:1026/ngsi10/queryContext', data: { "entities": [ { "type": "Room", "isPattern": "false", "id": "Room1" } ] }, type: 'POST', dataType: 'json', contentType: 'application/json', headers: { 'X-Auth-Token' :'you_auth_token'}...

Hide referrer header in API request

javascript,api,google-api,cross-domain,referrer
I need to make requests to Google Translate Text-To-Speech API. I have an enabled key but keep getting blocked by No Access-Control-Allow-Origin. I've posted more about it here: Google Translate API - No Access Control Origin with Text to Speech The following sources, http://weston.ruter.net/2009/12/12/google-tts/ and Request to Google Text-To-Speech API...

dojo.require not loading in recursive order

javascript,dojo,cross-domain
I'm trying to move some of my dojo 1.7 codebase online. I've enabled CORS on the server, and local/online files are loaded with dojo.require. While this worked fine for local files, http files would fail to load in recursive order. For example, dojo.registermodulepath("my.path", "http://my.path"); dojo.require(my.path.module1); dojo.require(my.path.module2); Now, assuming the module1...

WCF handling CORS & Options VERB

wcf,iis,cross-domain,cors
I have a wcf service hosted on IIS. Almost all the documents say that to enable cors, you should handle the OPTIONS VERB. (Pre-Flight Requests) I have a method whose signatures are : [OperationContract] [FaultContract(typeof(ExceptionManager))] [WebInvoke(Method = "POST", RequestFormat = WebMessageFormat.Json, ResponseFormat = WebMessageFormat.Json, BodyStyle = WebMessageBodyStyle.WrappedRequest, UriTemplate = "PostLog")]...

HTML5 download attribute not working when downloading from another server, even when Access-Control-Allow-Origin is set to all (*)

html5,http,download,attributes,cross-domain
I have a download link like so: <a href="foo.xls" download="bar.xls">Foobar</a> This works fine when downloading a file on the same server, but when downloading from another server (Azure blob storage in this case) the filename stays as "foo.xls", even though the HTTP response comes back with the following header: Access-Control-Allow-Origin:...

Sending Cookies across Cross Domain

jquery,cookies,cross-domain,cors
Objective : To share cookies across domains Our UI is running in a server 'A' at port P1 and our services is up and running in the same server 'A' at port P2. UI (Server 'A', Port P1) ----> Services (Server 'A', Port P2) While making rest calls from UI...