json data while follow the given link but it is worked when I integrate in our project.
https://maps.googleapis.com/maps/api/place/nearbysearch/json?location=-33.8670,151.1957&radius=500&types=food&name=cruise&key=AIzaSyCaLjRTWe0j9RKu9qG4_9VovLltLtU_hQ8
Servers can enable CORS, meaning that they will accept requests from other domains. However, each server is different and most APIs still do not allow cross-origin requests. It looks like api.geonames.org is one of these that does not support CORS.
Note that CORS only applies to requests sent from a browser. Hitting that API from a backend server (like Node or Rails) will work just fine.
Related
My environment is Nodejs, and I want to make request(http) to api in the internet.
But there are some problems, after using webpack, the console would show me cross
domain error. I guess it is because my api and webpack-server have diffrent in
port. What should I do to solve the problem.
The issue you are experiencing is caused by the server not properly sending a CORS header to allow the request.
If the API is one of your own, you can enable CORS on your server for one, many, or all domains that attempt to access the API. How to do this depends on your server configuration.
If the API is provided by someone else, you may need to contact them or consult their documentation on how to perform a CORS request to their services.
I'm trying to perform an ajax request to a third party api from my web site using javascript (On the client side) and I receive a No 'Access-Control-Allow-Origin' error. When trying to access this from node.js project everything is working fine.
More over, when opening Chrome with --disable-web-security everything is working fine as well.
Any information about this issue will be appreciated :-)
You cannot access a third-party API without using CORS. CORS adds special headers (e.g. Access-Control-Allow-Origin) to the HTTP response. This makes sure, that the API can control which front-end can make a request to it. This means, however, your API needs to recognize your front-end URL and accept requests from it.
You can (a) use CORS on the API side (changes are necessary on the API) or (b) use your server-side language to make the API request (e.g. PHP makes the request to the API and the front-end receives the response from the PHP back-end). Everything else is prohibited by the browser's security settings.
You can read more about CORS e.g. here.
I'm looking for a trick to access an API on a server that I don't have access to using html/javascript. Usually browsers block this for safety reasons. Public APIs like google therefore support CORS headers that let the browser know that the source can be trusted.
I need the solution to be client side because the external API might not be accessible to the hosting server. I do not have access to the API providing server. Therefore options like JSONP and enabling CORS headers are not viable options.
I need a bit of creativity; options I'm considering:
building an application in c# or whatever that can connect to the server and then open a browser. I don't like this option much
Loading a java applet in the page that does the server connection. Also not really great (who uses java appletsanymore)
Thanks in advance,
You can create a simple server what acts as a proxy to provide you the required endpoints. It can be implemented in anything you can host on a server in the same domain like PHP, NodeJS, etc.. Since it won't run in the browser it will have no problem to access external servers.
If all your target devices support HTML5 you can use window.postMessage() too https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
I have a local html file in may desktop accessing a web api (JAX-RS) that responds with some JSON data. I enabled CORS and everything works fine, but only without SSL. How can I do to make it work with SSL? I use a self-signed certificate and can call this web api from a WPF application, but from a JavaScript application (standalone html file), when Chrome sends the OPTIONS pre-flight before the POST, the request seems not to even reach the server. I also tried to import the self-signed certificate in the browser, but nothing has changed.
The preflight request is not allowed to include an entity body or credentials. If you are using preflighted requests then you cannot use two way SSL.
The solution is to change the server to make the certificate optional. I've only done this using Apache HTTP server or Tomcat but I assume other servers are also capable of this.
In apache the setting should be changed to
SSLVerifyClient optional
and in Tomcat the SSL settings should be changed to
clientAuth="want"
Without this change only CORS simple requests will work.
I have setup FineUploader on a site and I included a check box that allows users to upload files using HTTPS if the want to.
Unfortunately if the user accesses the site using http and then tries to use ssl it errors out, I assume because of CORS issues. I assume it is a CORS issue because if I access the site using https and try to upload using ssl it works fine.
I found some documentation about enabling CORS support, but it appears that you either need to make it so only CORS requests will be made or none will be made. In my situation there will be CORS request some times and not others.
Does anyone know of a good work around for this? Should I just reload the entire page using HTTPS when the checkbox is clicked?
If you're uploading straight to Amazon s3, see the note in the official docs, "SSL is also supported, in which case your endpoint address must start with https://" in the script within your uploaderpage.html file.
request: {
endpoint: 'https://mybucket.s3.amazonaws.com',
// Note that "https://" added before bucket name, to work over https
accessKey: 'AKIAblablabla' // as per the specific IAM account
},
This will still work if uploaderpage.html is served over http (or you could populate the endpoint value dynamically if you need flexibility re endpoint).
This will help you avoid the mixed content error when uploading over https, "requested an insecure XMLHttpRequest endpoint", which happens if the page is https but you request a http endpoint.
Just to reiterate what I've mentioned in my comments (so others can easily see this)...
Perhaps you can instantiate Fine Uploader after the user selects HTTP or HTTPS as a protocol for uploads. If you must, you can enabled the CORS feature via the expected property of the cors option. Keep in mind that there are some details server-side you must address when handling CORS requests, especially if IE9 or older is involved. Please see my blog post on the CORS feature for more details.