I am trying to request some json resources from google apis (picasa photos) from my JS. Can someone explain why my request would succeed when my site is served as localhost on my mac, but not from my development server (using chrome browser)?
This happens due to cross domain, cross browser request issues. JSONP may help. Take a look at this example
Cors must be supported and enabled on server side beside the browser compatibity.
Related
I have made some project which sends XHR request to fetch a locally saved JSON file (the file being in the same folder).
I use VS Code with 'live server' extension.
The request, response and every thing else works perfectly fine when I open the html file with Live Server.
But when I open the file without starting any kind of local server, then the request doesn't return any response and instead logs out an error-
(I am using Chrome)
Access to XMLHttpRequest at 'file:///G:/_PROJECTS/Graph%20Plotter/sample_data.json' from origin 'null' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, https.
I searched online about this and found some google documentation but didn't quite understand it. I want to know what the error is about and how can I fix it?
Also I would be great help if you could simplify it so that I understand it.
Thanks in advance!
I need to have a HTTP server point to my localhost to be able to fetch files locally.
Since XHR needs a network to send HTTP requests, I cannot simply fetch local files without being on any network/server (either internet or local server). The resulting chrome error is due to the fact that chrome has disabled fetching local files without being on any network due to security and privacy concerns
i am making a application by using REST API. the api provide me data but browser block for CORS policy. is it possible solve the issue from client side. or need to work at serve. i have try some nodejs package like cors-anywhere but still having issue
It is not possible to solve for good, because it is handled by server to control the origin request (The origin of the request(client) and the server must be in the same origin). But while you are developing you can use cors chrome extension, it will allow you to make the requests.
Chome extension.
Hope it helps.
webui-aria2 is a tool that allows controlling aria2 (powerful download tool) through rpc methods from a browser.
Using http://ziahamza.github.io/webui-aria2/, one can control aria2, provided the application is launched with the --enable-rpc option. aria2 basically starts an HTTP server listening on localhost:6800.
Great but I am surprised that the browser (both webkit and gecko) allows a page hosted on github.io to make requests to localhost. How come it does? Isn’t this a serious vulnerability?
Requests to localhost from github.io will be treated like any other cross origin request.
JavaScript embedded on the site can't read the data across origins unless either:
Explicit permission is given with CORS or
A hack such as JSONP is used
Presumably the server uses one of those techniques.
I am developing applications using Angular and the client side is 100% JS. I am about to replace an old application made using ExtJS but I will not change the server-side. Only the client-side be re-coded from scratch.
I would like to work on this project from anywhere and any machine but I need to be able to perform cross-domain AJAX queries with the original server (server-side is ASP.NET MVC with IIS and I don't want to install Windows + everything on all the computers I use). Is there a way to do this easily?
Thanks for your ideas!
PS: JsonP is not a solution for me.
Couple of things:
At the end of the day you have to enable CORS in your server.
You can use a CORS proxy https://github.com/gr2m/CORS-Proxy for development. This proxy will actually change the request header of X-Origin which browsers even can but "won't" because of policy. So you will be able to make Cross Origin Requests.
If neither JSONP nor CORS are availble to you as options then you will have to take help of server side scripting.
You can create a method in your server side code and get the response from desired cross domain url and return the response to your javascript function.
You can use CORS (Cross Origin Resource Sharing)
I'm trying to make a webservice call from an html page to the server using XmlHttpRequest. What is the easiest way to get around the cross-domain issue without using a proxy? The remote server takes XML as the request and the response is also in XML. I have access to the server (IIS). I'll need to do GET and POST across the domains. Here's what I've researched so far -
Crossdomain.xml
CORS
JSONP
Is Crossdomain only for for flash players and stuff? CORS kind of seems hard to implement for BOTH client and server. Can JSONP be used for POST?
Thanks for any help.
Edit: I'm trying to run this on a smart device.
It depends on the version of IIS you are using.
At this URL, http://enable-cors.org/ they describe the solutions which you can take to enable Cross Domain access.
For example calling a Data Service www.abc.com/Service from www.zzz.com can be done by enabling a cross domain protocol.
Note that the method for configuring IIS6 and IIS7 / 8 are different.