Menu
  • HOME
  • TAGS

Enabling cross origin request

html,ajax,cors

Have you tried allowing foreign origins on the SERVER? Add this on the server side! (where apache/nginx runs) Access-Control-Allow-Origin: * example in apache2 or htaccess: <FilesMatch "\.(js)$"> <IfModule mod_headers.c> Header set Access-Control-Allow-Origin "*" </IfModule> </FilesMatch> ...

Why do browsers have Same-Origin policies when workarounds like JSONP and CORS exist?

ajax,security,jsonp,cors,xss

Your premise is incorrect. The Same Origin Policy says nothing about the ability of a web page to include resources on an external domain. It prevents direct access to resources via scripting that are owned by different Origins without them opting in. Therefore CORS and JSONP are not workarounds for...

Spring security CSRF CORS

angularjs,rest,spring-security,cors,csrf

CSRF and CORS are not the same thing. You probably have the CORS part sorted now, but you need to add a CSRF token to any POST/PUT/DELETE requests. Spring Security sends the token in a header in the blog series you quoted and Angular picks it up from there (you...

Angularjs Apache2 Symfony2 Cors

angularjs,apache,symfony2,cors

I use Nelmio CORS Bundle in my API's and I never have problems with CORS. https://github.com/nelmio/NelmioCorsBundle

Access jQuery from iframe with another domain

jquery,iframe,cors

You cannot access a child frame from a different domain. It's a security reason. If you could access data inside a child frame that is in a different domain, it would be easy enough to simulate fake pages.

Grizzly HttpServer: Set permanent header for every response

java,cors,grizzly

As @alexey said, there is no way (from the current Grizzly Server version) to do this. If anyone finds something else that works, i will gladly confirm it as an accepted answer. The best alternative that works quite well is to extend the 'ContainerResponseFilter' class and override the 'filter' method....

Standalone Spring OAuth2 JWT Authorization Server + CORS

spring-security,cors,jwt,spring-security-oauth2

Found the reason for my Problem! I just needed to end the filterchain and return the result immediatly if a OPTIONS request is processed by the CorsFilter! SimpleCorsFilter.java @Component @Order(Ordered.HIGHEST_PRECEDENCE) public class SimpleCorsFilter implements Filter { public SimpleCorsFilter() { } @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws...

Is it possible to use CORS or JSONP to access the OpenID Provider Configuration?

javascript,cors,pingfederate

The CrossOriginFilter Jetty filter can be enabled in PingFederate to support this. Some more background and details on using it are captured in the following webinar: https://ping.force.com/Support/PingIdentityVideoLibrary?id=2255183096001...

Options method not allowed, CORS to Google Drive

javascript,jquery,cors,google-docs

Preflight OPTIONS requests occur when the request is non-simple, either caused by a non-simple header or a non-simple HTTP method. The access-control-request-headers: accept, content-type header means that you are attempting to send non-simple headers. Accept is always simple, but Content-Type is only simple when it has the value application/x-www-form-urlencoded, multipart/form-data,...

AJAX call following 302 redirect sets origin to null

ajax,http,redirect,cross-domain,cors

See here, this seems to suggest its related to a "privacy-sensitive" context. Are there any browsers that set the origin header to "null" for privacy-sensitive contexts?...

Possible to allow HTTP requests from HTTPS website?

iis,ssl,https,cors,mixed-content

stylesheet ... static resources that I don't regard as critical over http. CSS can include script and script can alter the page, so it is considered critical. ..."allow http requests from https with iis" ... The decision to deny mixed content is done within the browser. There is no...

jQuery not sending Authorization header

jquery,ajax,cors

Ah - turns out my ElasticSearch instance had CORS disabled. As I understand it, Chrome insists on sending an OPTIONS request to see if cross-domain POST is allowed before sending the POST itself in order to protect the security of the browser user. By manually modifying the request and adding...

Cant set CORS using sails js for google maps geo location

javascript,angularjs,cors,sails.js

Try installing this chrome browser plugin on the Chrome store and Enable cross-origin resource sharing in the options. https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi?hl=en Edit: You endpoint may look something like this: Firstly do: npm install request Then: In config/routes.js setup your route: 'get /location/:keyword': { controller: 'location', action: "getlocation" }, Then create a controller...

OAuth2 redirection fails with CORS error

redirect,spring-security,oauth-2.0,cors,restful-authentication

After more investigation here are my conclusions. I'll start with #2 first. Yes, we probably took a wrong turn. Specifically, OAuth2 was designed for authorization, not authentication. (Though if we had been running our own OAuth2 server we might have gotten away with it.) Google supports authentication of course: see...

OAuth2 - Status 401 on OPTIONS request while retrieving TOKEN

spring-security,oauth-2.0,cors,single-page-application,restful-authentication

I can just answer your questions in theory: So why is that an OPTIONS request from /oauth/token responses with 401 status even when it shouldn't? It won't let us authorize ourselves because it get's stuck at OPTIONS request in which we can't add authorization header. This is because the default...

Camel CXFRS cross origin resource sharing filter with Configurable Origin List

java,apache-camel,cors,cxfrs

Never mind. I found an answer. To make this more configurable, you cannot use the annotations based approach of the CrossOriginResourceSharing class provided. You can only use the filter. My approach was to wrap the filter class in a Factory implementation which built the filter in a factory method. This...

Can I change super global variables with nodejs like I do with php?

php,ajax,node.js,cors,superglobals

If you are using a framework like Express, CORS can be done like this: app.use(function(req, res, next) { res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept"); next(); }); app.get('/', function(req, res, next) { // Handle the get for this route }); app.post('/', function(req, res, next) { // Handle the post for...

EnableCors always return wildcard for allowed origins in Web Api

asp.net-web-api,cors

Ok, finally found this in web.config within system.webServer <rewrite> <outboundRules> <rule name="Set Access-Control-Allow-Origin header"> <match serverVariable="RESPONSE_Access-Control-Allow-Origin" pattern="(.*)" /> <action type="Rewrite" value="*" /> </rule> </outboundRules> </rewrite> ...

How to enable CORS in an EmberJS application?

rest,ember.js,cors

This is a CSP issue not CORS Inside config/environment.js find the ENV.contentSecurityPolicy and add http://localhost:7654 to your 'connect-src' key e.g. 'connect-src': "'self http://localhost:7654' You will probably need a different setting for your production environment as well....

How do I add the “crossorigin” tag to a dynamically loaded script?

javascript,ajax,jsonp,cors

Well, I discovered my problem. This: script.crossorigin = 'anonymous'; should be this: script.crossOrigin = 'anonymous'; Note the capital "O". That attribute isn't capitalized in the HTML, but is capitalized in the JS interface. Good to know! Embarrassing, but I've decided to immortalize my mistake rather than delete the question in...

CORS POST request in ZF2 becomes OPTIONS request instead

php,zend-framework2,cors

So to start with your php script should do these checks: // Allow from any origin if (isset($_SERVER['HTTP_ORIGIN'])) { header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}"); header('Access-Control-Allow-Credentials: true'); header('Access-Control-Max-Age: 86400'); // cache for 1 day } // Access-Control headers are received during OPTIONS requests if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') { if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) header("Access-Control-Allow-Methods: GET, POST, OPTIONS");...

SignalR, ASP.NET 5 and CORS

signalr,cors,asp.net-5

Seen with SignalR team, this is working on http://localhost:port but not on file:///C:/Users/me/Documents/index.html and this is normal.

Enabling OPTIONS method on Azure Cloud Service (to enable CORS)

azure,cors,azure-api-management

In the end I ended up removing the handlers as in my question, but adding two custom handlers: <remove name="SimpleHandlerFactory-Integrated-4.0" /> <remove name="SimpleHandlerFactory-Integrated" /> <remove name="SimpleHandlerFactory-ISAPI-4.0_64bit" /> <remove name="SimpleHandlerFactory-ISAPI-4.0_32bit" /> <remove name="SimpleHandlerFactory-ISAPI-2.0-64" /> <remove name="SimpleHandlerFactory-ISAPI-2.0" /> <remove name="OPTIONSVerbHandler" /> <!-- Added the following handlers --> <add...

Angular/C# CORS Issue

javascript,c#,angularjs,cors

You do not need to send any additional headers from AngularJS. Preflight request will be made for you automatically. To enable all cross-origin requests in Web API, you can do this: Install NuGet package Microsoft.AspNet.WebApi.Cors. Add the following code to WebApiConfig.cs: var corsAttr = new EnableCorsAttribute("*", "*", "*"); config.EnableCors(corsAttr); Full...

Custom HTTP Header or cookies? how custom authentication/authorization helps in CSRF?

javascript,http,cors,csrf

When authentication is based on cookie, every fired request from the client will be authenticated. Whether it is a "good" - intended by application, or "bad - as a result of CSRF attack. Browser will always blindly add cookie to every request. When authentication is based, for instance, on bearer...

Cross Domain CORS and Images

html,amazon-web-services,amazon-s3,cors,amazon-cloudfront

CORS is a policy enforced by a browser. Its not going to prevent users from downloading images from your cloudfront distribution. You have two options. Make all your files private and provide access via signed urls. Cloudfront wont really cache images in this case however. The other option is to...

Ajax call to an API return error HTTP/1.1 405 Method Not Allowed

javascript,jquery,ajax,google-maps,cors

I tried a request via Postman, using GET and (only!) the URL you provide in your code snippet: 200/OK, no flaws. Try it without 'data'. Its only supposed to be used in POST-requests, not in GET-requests! But since you need to pass along your 'within_circle' dataset, you should either consider...

CORS for static HTML in vNext

cors,asp.net-5,asp.net-mvc-6

In Startup.cs Configure the policy in ConfigureServices ... public void ConfigureServices(IServiceCollection services) { options.AddPolicy("AllowEverything", builder => { builder.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod().AllowCredentials(); }); } Then in Configure set the app to use the policy, then set UseStaticFiles ... Ensure that UseStaticFiles() comes after UseCors - at least in the version I'm using (installed with...

For an HTTP OPTIONS request, is there any point in having a response body?

javascript,ajax,http,cors

From the specification: The response body, if any, SHOULD also include information about the communication options. The format for such a body is not defined by this specification, but might be defined by future extensions to HTTP. You can include it, and if you do it should probably be a...

How can I quickly detect local service absent?

javascript,jquery,cors

You can do a timeout if the navigator is Firefox: var timeoutcall = 0; if(navigator.userAgent.toLowerCase().indexOf('firefox') > -1) { timeoutcall = 100; } $.ajax({ url: url, type: 'GET', timeout: timeoutcall , async: true, success: function(data) { // Hooray! Application is there. Do 'hooray' stuff }, error: function(data) { // Whoah the...

Sending Cookies across Cross Domain

jquery,cookies,cross-domain,cors

i feel second approach is cleaner.I have tried & it works.

CORS not working with hapijs and socket.io

node.js,socket.io,cors,hapijs

so the problem was setting the host to localhost, instead i used 0.0.0.0 as explained here

How can I set CORS in Azure BLOB Storage in Portal?

jquery,ajax,azure,cors

How can I configure CORS in Azure BLOB Storage in Portal? Currently Azure Portal does not have this feature. If you want you can always set the CORS rules for blob storage programmatically. If you're using .Net Storage Client library, check out this blog post from storage team: http://blogs.msdn.com/b/windowsazurestorage/archive/2014/02/03/windows-azure-storage-introducing-cors.aspx....

Failed to call CORS web service from jquery and plain javascript

javascript,jquery,ajax,cross-domain,cors

You have two problems. Leaving the page You are triggering the Ajax request in response to a submit button being clicked. Immediately after sending the request, the form submits and you leave the page, which causes the browser to abort the Ajax request. The usual way to prevent the form...

Play 2.3 override global SecurityHeadersFilter X-FRAME-OPTIONS for a specific action

scala,cors,playframework-2.3

Use action composition. First, create the Action : import play.libs.F.Promise; import play.mvc.Action.Simple; import play.mvc.Http.Context; import play.mvc.Result; public class XFrameOptionAction extends Simple { @Override public Promise<Result> call(Context ctx) throws Throwable { ctx.response().setHeader("X-Frame-Options", "GOFORIT"); return delegate.call(ctx); } } Then, use it in your controller import play.mvc.Controller; import play.mvc.Result; import play.mvc.With; public class...

CORS issue with node rest api and angularJS app on 2 ports

angularjs,node.js,api,rest,cors

You are making a request to an unknown protocol. Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, https, chrome-extension-resource. You need to change this: method: 'GET', url: 'localhost:9001/memories' }; ...to this: method: 'GET', url: 'http://localhost:9001/memories' }; Alternatively, you could set it to //localhost:9001/memories and the...

Golang + CORS. Global setting somehow?

go,cors

You can make a simple middleware for that: type CORSMiddleware struct { http.Handler } func (cm CORSMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request) { w.Header().Set("Access-Control-Allow-Origin", "*") cm.Handler.ServeHTTP(w, r) } Then, you can use it like that: var h http.Handler = CORSMiddleware{cont} r.Handle("/accounts", h) r.Handle("/accounts/{id}", h) ...

Cross-Origin Request Blocked when accessing O365 Rest API

cors,office365

The Office 365 APIs explicitly don't support cross-origin resource sharing, or CORS. That's basically when a script that executes in the browser (like your AJAX request) in your web page tries to access something outside of the domain of your web page. We have it on our roadmap to support...

AngularJS & Spring Security with ROLE_ANONYMOUS still returns 401

angularjs,spring-mvc,spring-security,cors,spring-security-oauth2

Ok, after reviewing the screenshot, we noticed the method was OPTIONS instead of POST. The problem was not in the headers (we were checking those so much that we weren't seeing the obvious), but in the pre-flight request OPTIONS due to CORS. Here's a nice article about it. Our Spring...

How can I avoid CORS restriction for web audio api?

javascript,cors,web-audio

There are five ways to deal with the protections against cross-origin retrieval: CORS headers -- this is ideal, but you need the cooperation of the third-party server JSONP -- not appropriate for streaming content and you typically need the cooperation of the third-party server Iframes and inter-window communication -- probably...

CORS error for rails API

ruby-on-rails-4,cors

Honestly easiest thing to do is use this and then set up your configuration in the config/application.rb file.

Cross origin AJAX request with JSON breaks when authentication is required

php,ajax,json,jsonp,cors

I believe I have solved the problem - I have not quite fully rewritten the application but I am able to make the call and get a response so it should all be plain sailing from here on out (famous last words, haha). Anyway, the changes I made were as...

XMLHttpRequest: Network Error 0x80070005, Access is denied on Microsoft Edge (but not IE)

javascript,ajax,internet-explorer,cors,microsoft-edge

Microsoft Edge does not currently support (out of the box) localhost testing. You can however enable it by following the guidance provided here: http://dev.modern.ie/platform/faq/how-can-i-debug-localhost/. We're working on resolving this in a future release....

CORS support for dl.dropboxuserconent.com?

javascript,cors,dropbox-api

It seems to be working fine for me. Perhaps you can share the code you're using and the specific issue you're seeing: $ curl -i https://dl.dropboxusercontent.com/s/mrt5fei8gsndfqb/test.json -H Origin:www.example.com HTTP/1.1 200 OK accept-ranges: bytes Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Accept-Ranges, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time Access-Control-Max-Age: 600 cache-control: max-age=0 content-disposition: inline; filename="test.json"; filename*=UTF-8''test.json...

Setting CORS for a Tomcat7 / Geoserer deployed on OpenShift

tomcat7,cors,openshift

Just to confirm, the current version of Tomcat 7 (JBoss EWS 2.0) supports CORS. All I did was to edit .openshift/config/web.xml and add following filter: .openshift/config/web.xml <filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> I push the changes to my openshift gear and two minutes later my...

CORs rule not found when putting data in azure storage

ajax,cors,windows-azure-storage

Good evening, There are a few things I would like you to try simultaneously, when you get a chance: 1. Change your Allowed Headers to: "Origin,X-Requested-With,Content-Type,Accept,Authorization,Accept-Language,Content-Language,Last-Event-ID,X-HTTP-Method-Override, x-ms-*". NOTE: You may not need all of these, but for now, add them all to see if we can get it working. 2....

NodeJS/Express PUT request failing with: No 'Access-Control-Allow-Origin' header is present on the requested resource

node.js,express,cors

I got in touch with the lead developer of corser and found them very helpful. This was the magic bullet that got me past my CORS issues. var corser = require('corser'); // Configure CORS (Cross-Origin Resource Sharing) Headers app.use(corser.create({ methods: corser.simpleMethods.concat(["PUT"]), requestHeaders: corser.simpleRequestHeaders.concat(["X-Requested-With"]) })); app.all('*', function(request, response, next) { response.header('Access-Control-Allow-Headers',...

CORS issue when using $http.post() in angularjs

javascript,angularjs,cors,openid-connect,identityserver3

The service you are requesting is not allowing CORS (no Access-Control are sent as part of the response). You would need to include the header Access-Control-Allow-Origin: * as part of the response. See this : http://www.html5rocks.com/en/tutorials/cors/ Also refer this: http://better-inter.net/enabling-cors-in-angular-js/...

Cross-Domain issue in Chrome possibly b/c of strange Dart HttpRequest behavior

ajax,google-chrome,amazon-s3,dart,cors

I finally managed to fix the bug. No, it's neither a Chrome nor a Dart bug. It has something todo with some cache. The solution is a dirty string query hack which is simple to do: HttpRequest req = new HttpRequest(); req.open('GET', '${item.get('upload').get('url')}?t=${new Random().nextInt(99999)}'); req.setRequestHeader('Range', '0-99'); req.onReadyStateChange.where((e) => req.readyState ==...

WCF handling CORS & Options VERB

wcf,iis,cross-domain,cors

So finally Got it to Work. This post helped me out. enabling cross-origin resource sharing on IIS7 Turns out that the problem was in IIS 6 Site settings. Solved it by the following steps : In IIS, Select Site -> RightClick (Properties) -> Under the Directory Tab Select Configuration Button....

angularjs $http service doesn't set cookie on POST but does with GET

angularjs,cookies,asp.net-web-api,cors,ionic-framework

I finally figured it out: 1) after comparison of working GET request with failing POST, I noticed that GET wasn't preflighted with OPTIONS, while POST was 2) in the CORS definig materials I read that OPTIONS are not sending any cookies As a resolution I added checking request method in...

Restangular XMLHTTPRequest cannot load, but browser show response

javascript,angularjs,cors,restangular

Answering my question! The problem was in my Flask app! The annotation @app.after_request wasn't working since I've changed to the factory app pattern. Now its working and I can continue writing the Angular side of the application. Thank you!...

Asp.Net WebApi2 Enable CORS not working with AspNet.WebApi.Cors 5.2.3

c#,rest,cors,asp.net-web-api2

I've created a pared-down demo project for you. Source: https://github.com/bigfont/webapi-cors Api Link: https://cors-webapi.azurewebsites.net/api/values CORS Demo: https://jsfiddle.net/shaunluttin/Lbfk2ggu/ You can try the above API Link from your local Fiddler to see the headers. Here is an explanation in short. Global.ascx All this does is call the WebApiConfig. It's nothing but code organization....

Cross Domain Ajax Call in Atom Shell

cors,electron

If the webpage is loaded in "file://" mode and not served by an http server, you can make ajax calls by default. If you still have troubles with CORS restrictions, you can set this option to the browser-window object : var BrowserWindow = require('browser-window'); var win = new BrowserWindow({ 'web-preferences':...

Docker Registry 2.0 enable CORS

ajax,docker,cors,docker-registry

No, unfortunately, the v2 registry does not support any CORS options as of this question and answer. The v2 registry is a brand new project written in a completely different language (Go versus v1's Python), and so many of the features available for v1 have not yet been implemented for...

Cross-Domain OAuth… how to get response?

javascript,google-chrome-extension,oauth,cors

How about the following: In the final stage of the auth flow you can redirect to server.com you since you own server.com you can inject a script at the end that passes data to the extension via window.opener.postMessage For example, in the final page rendered by server.com: window.opener.postMessage({"userhash": "abc1234567890"}, '*');...

Ajax CORS Headers Error

php,jquery,ajax,http-headers,cors

I strongly suspect that the CORS is failing simply because of the HTTP 500 code returned from the server. Thus, although the response contains valid information for CORS, the client ignores the information due to the message code indicating the response being invalid. Why 500 is being returned, is dependent...

Enabling CORS in .ajax POST

javascript,jquery,ajax,json,cors

I have the same problem, I solved this issue at my server side code, not in the ajax request. in my case; I am using cakePHP at server side. I added this code to my php controller. header("Access-Control-Allow-Origin: *"); header("Access-Control-Allow-Methods: POST, GET, OPTIONS"); header("Access-Control-Allow-Headers: Authorization, Origin, X-Requested-With, Content-Type, Accept"); ...

CORS ajax request clarification

javascript,jquery,ajax,cors

This is because of the “same origin” policy of web browsers. This prevents a script on one website to make requests on another website on your behalf. Enabling CORS is safe as long as you trust the allowed client, which is probably not the case if the client is at...

Enable CORS Apache Tomcat 7.0.52 [duplicate]

java,apache,tomcat,cors,activation

Your web.xml looks ok, so I'm expecting it does set the response header as requested (your question doesn't make this clear either way). However on some modern browsers (Chrome, Firefox etc.), you'll find they won't allow wildcard origins: <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> <init-param> <param-name>cors.allowed.origins</param-name> <param-value>*</param-value> </init-param> Instead, you'll need to specify an expected...

How to work around the CORS issue in Surface API from mapbox?

ajax,api,cors,mapbox

We can send cross domain AJAX requests using JSONP. Below is the simple JSONP Request: $.ajax({ url : url, dataType:"jsonp", }); Source Working like a charm. :)...

CORS Issue When Requesting from ExtJS to node.js. Request or Response Header Incorrect?

ajax,node.js,extjs,http-headers,cors

There seems to be issues with both CORS and HTTPS in your server... You should try this middleware for the CORS part, and make it work when accessing the page in raw HTTP first. As far as I know, you'll have to use different ports for HTTP and HTTPS. And...

How to enable CORS on DIVSHOT?

angularjs,wordpress,header,cors,divshot

just in case someone wants to know, at time of doing the request you have to send more params, look at the example, I have it working now getBlogs: function($scope) { $scope.postsURL = 'http://urbanetradio.com/wp-json/posts?_jsonp=JSON_CALLBACK'; $http.jsonp($scope.postsURL).success(function(data, status, headers, config) { console.log(config); $scope.posts = data; }).error(function(data, status_headers, config) { console.log('error'); }); }...

ServiceStack V4 Basic Auth with wrong credentials + CORS

c#,.net,servicestack,cors

I was able to workaround on this issue using following configuration in AppHost: UncaughtExceptionHandlers.Add((req, res, name, exception) => { //this is needed for inclusion of CORS headers in http error responses //(for example when invalid user credentials passed) res.ApplyGlobalResponseHeaders(); }); ...

Problems with Angular, CORS and Spring

angularjs,spring,post,cors

You need to add additional options in the Access-Control-Allow-Headers Here are the options usually used: response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept"); ...

Is cors not allowed on chrome by default even if server has implemented cors?

google-chrome,cors

After did some testing, I have got my answer. Most of the online materials or blogs are not clear about this point, you can send cross origin request by: either has the server implement cors, i.e. the response header needs to have Access-Control-Allow-Origin: * or you --disable-web-security your chrome browser...

Invalid RegEx in Nodejs

javascript,regex,node.js,cors

The problem here is that you need to escape the special characters (for example the dot) in the string you concatenate. Find here a function to escape a string for a regular expression: RegExp.escape= function(s) { return s.replace(/[-\/\\^$*+?.()|[\]{}]/g, '\\$&'); }; var allowedOrigin = new RegExp( '^https?://(' + config.get('http:allowedOrigins').map(RegExp.escape).join('|') + ')(:\\d+)?(/.*)?$'...

Can AS3 recognize the CORS permissions from the header?

node.js,actionscript-3,express,cors

No, there is no way. You need crossdomain.xml at the root of your domain.

SoundCloud Api redirect confusion and Audio Api Streams

javascript,ajax,cors,soundcloud,web-audio

When you run the request for https://api.soundcloud.com/tracks/140326936/stream?client_id=5c6ceaa17461a1c79d503b345a26a54e you get a HTTP 302 Found response from the server, which is a URL redirect (http://en.wikipedia.org/wiki/HTTP_302). This will cause your browser to load from the new URL that the server returns, and thus the two requests you see. The server basically says "yeah,...

Using rack-cors with Rackspace CDN issues

ruby-on-rails,cors,rack,font-awesome,rackspace

To get CORS working properly, you'll need to set the CORS headers on the Cloud Files object on Rackspace's end, rather than the ones served by your app. You can do this from the control panel by clicking on the gear icon next to each file: The Cloud Files documentation...

Vanilla JavaScript CORS request with XDomainRequest in IE8 not working

javascript,ajax,internet-explorer-8,cors,xdomainrequest

Internet Explorer's XDomainRequest will never send the Cookies or Authorization headers. This means that if the target of your request is protected, the request can never be authenticated. If you really have to do this (I had to do this in the past for native HTTP streaming) you need the...

Why does my XMLHttpRequest not allow XSS?

javascript,xmlhttprequest,client,cors,xss

After more research. It seemed that the easiest solution was to create my own proxy. Convert the static site into a blank ASP.Net Web Application Create a generic handler in the project that contacts the bbc feed from the server Call that handler from the client side JS Here is...

AngularJS - Getting a website content (GET) from url

javascript,angularjs,cors

You are trying to make cross origin request to google.com. Google needs to accept your domain in order to do CORS. You do not have permission to do that action. Please look this documentation about CORS The solution is to make a request to your backend service and let that...

Avoiding preflight OPTIONS requests with CORS

asp.net,angularjs,http,asp.net-web-api,cors

I think this post (How to apply CORS preflight cache to an entire domain) pretty much says it all - there is not much you can do about this The one simple solution is to add a reverse proxy to the proxy/webserver serving your angular app (e.g. nginx) to route...

enable cors for web pages deployed within a war

java,cors,glassfish-3

How about adding an Filter for the path you want like "/static/*.json" and set the response headers in the filter ?

Can not render image from S3 bucket in WebGL

javascript,amazon-s3,cors,webgl

According to MDN In order to load it with CORS as a WebGL texture, we set the crossOrigin attribute on it: var earthImage = new Image(); earthImage.crossOrigin = "anonymous"; Now we load it as usual: earthImage.onload = function() { // whatever you usually to do load WebGL textures }; earthImage.src...

Am I able to retrieve a JIRA HTTP URL using a GET Request when I use CORS?

asp.net-mvc,vb.net,cors,jira

I have found out that the JIRA system that I was trying to pull information was not hosted online so that was the reason why I was not able to retrieve information and it was giving me the error: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:XXXXX'...

creating a select element and setting value with Javascript

javascript,forms,cors

select elements have option elements to go with it: var formElement = document.createElement("select"); var optionElement = document.createElement("option"); optionElement.value = "foo"; optionElement.text = "foo" optionElement.selected = true; formElement.appendChild(optionElement); formElement.id = "bar"; Demo: http://jsbin.com/tebasecahi/1/edit?html,js,output...

D3.js JSON parse error

javascript,json,svg,d3.js,cors

You are misunderstanding what d3.json is used for. d3.json makes an actual AJAX request (hence why in the documentation names the chapter as Requests) so it is literally trying to fetch that obj but can't because it doesn't need to. If you really want to use d3.json, you can move...

Why does CORS allow sending data to any server?

javascript,cross-domain,cors,same-origin-policy

The same-origin policy is designed purely to prevent one origin from reading resources from another origin. The side effect you describe -- preventing one origin from sending data to another origin -- has never been part of the same-origin policy's purpose. In fact, sending data to another origin has never...

POST Blocked even when CORS is enabled

java,javascript,angularjs,spring-mvc,cors

Add Content-Type to Access-Control-Allow-Headers in your filter. Tested on my local with success. response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "Content-Type, Origin, Cache-Control, X-Requested-With"); response.setHeader("Access-Control-Allow-Credentials", "true"); ...

Image onload is not getting called

javascript,cors

I changed my code. Now I am sending the bytes from server instead of Image url using code : URL u = new URL(url); InputStream is = u.openStream(); byte[] = IOUtils.toByteArray(is); ...

how to disable the cors request while redirecting to another url

ajax,spring,cors

I was able to successfully do it using spring Redirect model and View method. I stopped using response.sendRedirect. ModelAndView model = new ModelAndView(); model.setViewName("redirect:" + authURL); return model; ...

JQUERY AJAX GET - CORS Header PHP

javascript,php,jquery,ajax,cors

ur getting "undefined" cause "document.write" is called before the callback. <!DOCTYPE html> <html> <head> <meta name="viewport" content="initial-scale=1.0, user-scalable=no"> <meta charset="utf-8"> <script type="text/javascript" src="http://code.jquery.com/jquery-1.11.3.min.js"></script> </head> <body> <!-- Script at the end --> <script type="text/javascript" > var data_from_ajax = ""; $.get('script.php', function(response) { // This function is called when script.php has...

(CORS) How does the browser know when to do a pre-flight request

javascript,rest,dom,xmlhttprequest,cors

The browser will send a preflight request if: You add custom headers to your request You use a method other than GET, HEAD or POST You use POST with an unusual Content-Type. More details here: HTTP access control (CORS), Preflighted requests...

How can I bypass or set up CORS for Unity3D?

.htaccess,cors,webgl

Well as it turned out, it's entirely on the Yahoo Games Network side. Even though they claim to support the WebGL features of Unity, they're trying to get you to upload it to their custom web host rather then letting you run it on your own site. Hence, the CORS...

XMLHttpRequest to Restivus API

javascript,meteor,xmlhttprequest,cross-domain,cors

The answer is more than obvious after finding out. I just need to to set the options method in the restivus route to authRequired: false. You cannot send a complete header with credentials when doing a preflight. Now I am first doing the preflight and then sending the real post.

Access-Control-Expose-Headers Configuration for Custom Response Headers AngularJS

angularjs,spring,cors

Issue is with your API GreetingController.java change the greeting method to return ResponseEntity and use HttpHeaders, as below @RequestMapping("/greeting") public ResponseEntity<Greeting> greeting(@RequestParam(value = "name", defaultValue = "World") String name, @RequestHeader("Request-Header") String headerName) { MultiValueMap<String, String> headers = new HttpHeaders(); // Sets our custom response header headers.add("Response-Header","Steve"); return new ResponseEntity<Greeting>(new...

blocking CORs from origin

cors

For Ajax requests, all CORS configuration needs to be done on the target server only. As you've said, api.yelp.com needs to respond with an Access-Control-Allow-Origin header of either * or http://example.com. If the request has any non-simple components (HTTP verb other than GET or POST, and/or any non-simple headers) then...

DELETE is not allowed by Access-Control-Allow-Methods

javascript,jquery,google-chrome,http,cors

The value of Access-Control-Allow-Methods needs to be a comma separated list, not a space separated one. From MDN: Access-Control-Allow-Methods: <method>[, <method>]* ...

No 'Access-Control-Allow-Origin' header on one site, but not on another

c#,jquery,ajax,asp.net-web-api,cors

Looks like the problem might have been that one of the servers had WebDAV installed: http://brockallen.com/2012/10/18/cors-iis-and-webdav/ I added these changes to the web.config, and the error we had been seeing went away. (We are, of course, now seeing different problems, unrelated to this, but then, this is programming ;)...

Tomcat application fails to start after adding CORS support

maven,tomcat,cors

The server will reject jars which already belong to the servers runtime (tomcat-**.jar, servlet*.jar, ...). Try this CORS filter instead: http://mvnrepository.com/artifact/com.thetransactioncompany/cors-filter pom.xml <dependency> <groupId>com.thetransactioncompany</groupId> <artifactId>cors-filter</artifactId> <version>2.4</version> </dependency> web.xml <filter> <filter-name>CORS</filter-name>...