Origin null is not allowed by Access-Control-Allow-Origin. - javascript

I browse the answer for this question, but haven't find a good answer for me yet.
var request = new XMLHttpRequest();
request.onreadystatechange = function(){
if(request.readyState == 4 && request.status == 200){
var response = response.responseText;
window.open(response, "_blank", "location = 0, menubar = 0");
}
}
request.open("POST", "http://localhost/save.php", true)
request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
request.send("imag="+data);
the above is my javascript code. I did use http:// instead of file://, and I did put the files on XAMPP server. I also use header('Access-Control-Allow-Origin: *') in my save.php as someone mentioned, but I still get the same error.
Some help please...

I finally get it. When they say using http to open the file, they mean 2 things.
in javascript's open method, use http to open. I did this.
in the browser, also use http. I didn't do this.
before, I just double click the file and it opens in chrome
by File:// ...., I need to open the file in chrome manually
by typing in http:// ....
Silly mistakes...

Related

javascript opening a new window, setting its content AND its location without reloading that location for security

I am trying to implement an HTTP(due to memory resource limitation on embedded devices I can't use HTTPS) webserver security system.
I need to do this in case a hacker deploy a webserver with the same IP as mine (yes I know about IP conflict it shouldn't be possible but I tried and it worked) or hack my DNS server which will result in his server and mine to have the same domain for the browser and as result, the hacker can access the session storage in which I'm storing credentials (i know I shouldn't use session storage for credentials but due to many other vulnerabilities this is the best I can work with).
For this reason, before opening every page I must check that the received page is actually the original webpage and not a page sent by a hacker (phishing page for example) to extract the credentials, if it is a valid page I can continue and open it in the browser, and if not valid an alert is shown.
I check the validity of the page by checking a turning key only known by a (locally saved HTML file or a browser's extension) and the server with an ajax function. The key is sent with the page in the header:
var url="http://192.168.8.14";
......
xhr.onreadystatechange = function()
{
if(xhr.readyState == 4 && xhr.status == 200)
{
if (xhr.getResponseHeader("identity_key") == identity_key)
{
//ORIGINAL WEB PAGE
}
}
};
xhr.open("GET", url+"?userIndex="+userIndex+"&identificationSalt="+identificationSalt, true);
xhr.send(null);
now i have all the validated html page inside the xhr.responseText which i would like to open inside a new tab or current tab and with the location pointing to url because the validated page contain relative paths and javascript src files with relatives paths which need the location to work like this :
<script src="sha.js"></script> or window.location.href = "http://"+window.location.host+"/controle
but when the location is pointing to the URL it mustn't reload the page otherwise the browser will load another page that is not validated.
I tried every way I can think of including this :
var url="http://192.168.8.14";
......
xhr.onreadystatechange = function()
{
if(xhr.readyState == 4 && xhr.status == 200)
{
if (xhr.getResponseHeader("identity_key") == identity_key)
{
history.pushState(null, null, url);
document.documentElement.innerHTML=xhr.responseText;
}
}
};
xhr.open("GET", url+"?userIndex="+userIndex+"&identificationSalt="+identificationSalt, true);
xhr.send(null);
but it gave me this error:
Uncaught DOMException: Failed to execute 'pushState' on 'History': A history state object with URL 'http://192.168.8.14/' cannot be created in a document with origin 'null' and URL 'file:///C:/Users/ladne/Desktop/Untitled-1.html'.
at XMLHttpRequest.xhr.onreadystatechange (file:///C:/Users/ladne/Desktop/Untitled-1.html:73:33)
error
i also tried :
var page = window.open();
page.document.open();
page.document.location="http://192.168.8.14/";
page.document.write(xhr.responseText);
page.document.close();
can anyone help, please?

Link triggering XMLHttpRequest

I have made a simple XMLHttpRequest which does work, it sends request etc. Just like in W3 schools.
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
document.getElementById("demox").innerHTML = this.responseText;
}
};
xhttp.open("POST", "textx.php", true);
xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xhttp.send("fname=" + textxx);
}
The problem starts when I try to trigger the request by clicking a link, which sends me to the php file which processes the request. I find it hard to understand on my current level why it doesn't work, since it worked with simple forms and such.
I get:
"Notice: Undefined index: fname ..."
So, I assume, it means the variable wasn't sent. Can someone explain? Or is there way to debug the things that are being sent from one page to another. All I found was a debugger in chrome which indeed captures the requests, but has no real use, since I get sent to the textx.php page and all is lost.
Not really sure, where your problem might be, maybe try:
var xhttp = new XMLHttpRequest();
xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xhttp.open("POST", "textx.php", true);
xhttp.onreadystatechange = function() {
if (this.readyState === 4){
if(this.status===200 || this.status===0){
document.getElementById("demox").innerHTML = this.responseText;
}
};
var fname = "fname=" + textxx;
xhttp.send(fname);
}
You might console.log(xhttp); and see the step by step profile and find out where the problem might be.
Either way, I am still not sure, but I uploaded my page(code) to a hosting server and the code worked. PHP didn't show any warnings and all went as planned. The problem it seems has to do something with running a local server(WAMP). Changing PHP version didn't help. I may need to dig a little deeper on this.

How do I count the number of characters in a web page?

I am trying to create a web page that opens another web page when you click the "Try It" button, and then counts the number of characters in that webpage. Right now, this web page successfully opens the web page I ask it to open, but the length of the web page in characters is "undefined". I do not want to get rid of the XMLHttpRequest or the line of code below it, because I am planning to expand this webpage to enable it to parse the webpage by certain specific keywords later. Here is the code:
<!DOCTYPE html>
<html>
<body>
<p>Click the button to open a new browser window.</p>
<button onclick="myFunction()">Try it</button>
<script>
function myFunction() {
window.open("https://www.gutenberg.org/files/1065/1065-h/1065-h.htm");
var req = new XMLHttpRequest();
req.open('GET', 'https://www.gutenberg.org/files/1065/1065-h/1065-h.htm', false);
alert(req.length);
}
</script>
</body>
</html>
Any assistance that anyone can provide me would be greatly appreciated. Have a nice day.
First of all you need a flag header in the remote server that allow your url to make XMLHttpRequests.
Access-Control-Allow-Origin: * or Access-Control-Allow-Origin: yoururl.com
Another problem is that https version has a redirect to http version, then you could have problems if you are executing this from a https site, because of "mixed content" behaviour of client's browsers. Also synchronous XMLHttpRequest (false flag) is deprecated or going to be deprecated soon https://xhr.spec.whatwg.org/ .
If you perform this in the same domain (http gutenberg) it works. You should try executing this in your http server, and looking the console expecting not to have Access-Control-Allow-Origin restriction.
var req = new XMLHttpRequest();
req.open('GET', 'http://www.gutenberg.org/files/1065/1065-h/1065-h.htm', true);
req.onreadystatechange = function (aEvt) {
if (req.readyState == 4) {
if(req.status == 200)
console.log(req.responseText);
else
console.log("Error loading page\n");
}
};
req.send(null)

JavaScript: How to access to a given URL without opening its web page in a browser

I would like to know if it is possible in JavaScript to access to a given URL without opening its web page in a browser . Actually, what I'm really trying to do is parsing through a page (given its URL) and clicking on the first link that it contains without even opening that web page in my browser. Is that doable with JavaScript. In case it is, how should I do that? What function (or functions) should I use? In case it is not, what would the alternative solutions be?
What you need is to make an HTTP request to the URL and process the results. You can do that in JavaScript using the XMLHttpRequest object. Example:
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
console.log(this.responseText);
}
};
xhttp.open("GET", "put_the_URL_here", true);
xhttp.send();
However, it is easier to use a library like jQuery.Ajax for that:
$.ajax({
url: "put_the_URL_here",
context: document.body
}).success(function(data) {
console.log(data);
});
For this to work, the URL that you're trying to access must have CORS enabled.

post http request to 3rd party server and get response with redirect

I have asp.net mvc project with form I need to send as httpRequestObject.
I'm trying for few days already to make simple XMLhttp request to 3rd party Credit card clearing company url and get back the response with redirect which on XML format - I don't care if redirection made by iframe or popup
checked all over the internet for solutions, tried it on JavaScript - but as far as I understood I'm not able to do it with JS, tried asp.net and c# also but nothing works for me.
checked all solutions here but still nothing work.
checked if I'm blocked in any way like proxy or firewall, and it's not the issue.
My current JS code is -
function createMPITransaction() {
var terminal_id = "0962832";
var merchant_id = "938";
var user = "my-user";
var password = "my-password";
var url="https://cguat2.creditguard.co.il/xpo/Relay";
var xmlStr = "my string";
var http = new XMLHttpRequest();
http.open("POST",url, true);
//Send the proper header information along with the request
http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http.setRequestHeader('Access-Control-Allow-Headers', '*');
http.setRequestHeader('withCredentials', true);
http.setRequestHeader('responseType', 'text');
var response = http.responseText;
http.onreadystatechange = function () {//Call a function when the state changes.
if (http.readyState == 4 && http.status == 200) {
alert(http.responseText);
}
}
console.log(xmlStr);
console.log(http);
http.send(xmlStr);
and getting this from console -
XMLHttpRequest {readyState: 1, timeout: 0, withCredentials: false, upload: XMLHttpRequestUpload, responseURL: ""…}
Am I be able to do it on JS?
If not, how could I do it on asp.net c#?
the limitation of request to 3rd party server, and get redirection is not common and make it real challenge.
As far as just the code for redirection is concerned, you can look at similar answer, like for example: https://stackoverflow.com/a/3836811/6298965
What you may be still missing is to check if your request is specification compliant or you're actually getting an error so you're not redirected.
After an initial analysis, I guess that a jsonxml is likely needed for the api call.
Moreover it'd be better if you use or at least look at a github implementation: https://github.com/mderazon/creditguard-node/blob/master/lib/creditguard.js

Categories

Resources