Access-Control-Allow-Origin header not working - asp.net-mvc

I'm trying to enable Cross Origin Resource Sharing across two web applications and am still receiving the "Origin X is not allowed by Access-Control-Allow-Origin" error.
The request looks like this:
Request URL:http://mywebsite:8700/?myparam=blah
Request Headers
Accept:application/json, text/javascript, */*; q=0.01
Origin:http://localhost:1715
Referer:http://localhost:1715/stuff
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.79 Safari/537.1
Query String Parameters
myparam:blah
which gives the error:
XMLHttpRequest cannot load http://mywebsite:8700/?myparam=blah. Origin http://localhost:1715 is not allowed by Access-Control-Allow-Origin.
If I access the URL in the browser directly I get the following response headers and the correct JSON is returned
Request URL:http://mywebsite:8700/?myparam=blah
Request Method:GET
Status Code:200 OK
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Authorization:Negotiate blahblahblahblahblahblahblahblahblah
Cache-Control:max-age=0
Connection:keep-alive
Cookie:blahblahblah
Host:mywebsite:8700
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.79 Safari/537.1
Query String Parameters
myparam:blah
Response Headers
Access-Control-Allow-Headers:*
Access-Control-Allow-Methods:*
Access-Control-Allow-Origin:*
Cache-Control:private
Content-Length:11563
Content-Type:application/json; charset=utf-8
Date:Wed, 29 Jan 2014 06:51:49 GMT
WWW-Authenticate:Negotiate blahblahblah==
Using JSONP is a last-resort solution as it would have implications for other applications already calling this method.

Turns out the request was receiving a 401 error, so the server never even got a chance to return the Access-Control-Allow-Headers header.
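The failure described in the answer above, as an added example that is not part of the original posts: a simplified version of the browser's CORS check, run over the 401 (its headers are constructed, the page gives only the status) and over the 200 response headers shown in the question. It also covers the credentialed case, which goes beyond the thread; the object shapes and function names are assumptions of this example.

```javascript
// Added example: simplified form of the browser's CORS check from the Fetch standard.
// Header names are lower-cased; the response objects below are constructed samples.
function corsCheck(requestOrigin, credentialsMode, response) {
  const allowOrigin = response.headers["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    return { allowed: false, reason: "no Access-Control-Allow-Origin header" };
  }
  if (credentialsMode !== "include" && allowOrigin === "*") {
    return { allowed: true, reason: "wildcard accepted without credentials" };
  }
  if (allowOrigin !== requestOrigin) {
    const reason = allowOrigin === "*"
      ? "wildcard is not accepted for a credentialed request"
      : "origin mismatch";
    return { allowed: false, reason };
  }
  if (credentialsMode === "include" &&
      response.headers["access-control-allow-credentials"] !== "true") {
    return { allowed: false, reason: "Access-Control-Allow-Credentials is not true" };
  }
  return { allowed: true, reason: "origin matched" };
}

// Separates "auth layer answered before CORS headers were added" from a real policy denial.
function diagnose(requestOrigin, credentialsMode, response) {
  const check = corsCheck(requestOrigin, credentialsMode, response);
  if (check.allowed) return "allowed: " + check.reason;
  if (response.status === 401 && !("access-control-allow-origin" in response.headers)) {
    return "blocked: 401 came back without CORS headers, fix authentication first";
  }
  return "blocked: " + check.reason;
}

const ORIGIN = "http://localhost:1715"; // Origin header from the page
// Constructed: the page only says the XHR got a 401; these headers are assumed.
const xhr401 = { status: 401, headers: { "www-authenticate": "Negotiate" } };
// From the page: CORS header on the authenticated 200 response.
const ok200 = { status: 200, headers: { "access-control-allow-origin": "*" } };
// Constructed: a server that names the origin and permits credentials.
const named200 = { status: 200, headers: {
  "access-control-allow-origin": ORIGIN,
  "access-control-allow-credentials": "true" } };

console.log(diagnose(ORIGIN, "omit", xhr401));
console.log(diagnose(ORIGIN, "omit", ok200));
console.log(diagnose(ORIGIN, "include", ok200));
console.log(diagnose(ORIGIN, "include", named200));
```

The third call shows why sending credentials to get past the 401 is not enough while the server still answers with `*`: the origin has to be named explicitly and validated against an allow-list on the server.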

Related

Loading font from CloudFront giving No 'Access-Control-Allow-Origin' header is present on the requested resource

First, I know there are tons of similar issues on StackOverflow and elsewhere. I tried them for days with no luck. So sorry if this sounds duplicate. Correct me if it is actually.
I have Heroku Rails app loading font from CloudFront. Everything else seems to load fine except that font. I get
Access to Font at
'https://domainname.herokuapp.com/assets/LigatureSymbols-2.11-722bc1af51c5e458d52834d798e4c0e8.ttf'
from origin 'null' has been blocked by CORS policy: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'null' is therefore not allowed access.
It says origin null, and access-control-allow-origin is not present. However this is the request and response data:
Request URL:https://domainname-herokuapp-com.global.ssl.fastly.net/assets/LigatureSymbols-2.11-722bc1af51c5e458d52834d798e4c0e8.ttf
Request Method:GET
Status Code:302 Found
Remote Address:151.101.0.249:443
Referrer Policy:no-referrer-when-downgrade
Response Headers
Accept-Ranges:bytes
Access-Control-Allow-Origin:*
Age:52
Connection:keep-alive
Content-Length:0
Content-Type:text/html; charset=utf-8
Date:Sun, 16 Apr 2017 10:40:37 GMT
Location:https://domainname.herokuapp.com/assets/LigatureSymbols-2.11-722bc1af51c5e458d52834d798e4c0e8.ttf
Server:gunicorn/19.7.1
Via:1.1 varnish
Via:1.1 vegur, 1.1 vegur
X-Cache:HIT
X-Cache-Hits:1
X-Content-Type-Options:nosniff
X-Frame-Options:SAMEORIGIN
X-Served-By:cache-hhn1527-HHN
X-Timer:S1492339237.333330,VS0,VE0
Request Headers
Accept:*/*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Host:domainname-herokuapp-com.global.ssl.fastly.net
**Origin:https://staging.domainname.com**
Referer:https://domainname.herokuapp.com/assets/application-d2b73eea67437c851b6e71803bad2a6c.css
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Name
?store=true&search_type=posts
css?family=Lato:400,300,700
MgNNr5y1C_tIEuLEmicLmwLUuEpTyoUstqEm5AMlJo4.woff2
LigatureSymbols-2.11-722bc1af51c5e458d52834d798e4c0e8.ttf
MDadn8DQ_3oT6kvnUq_2r_esZW2xOQ-xsNqO47m55DA.woff2
icon-close-89c814d2fa53dff86b00936a7a8c836e.png
icon-bell-91b2c7d5db27d9fc9e8325dda55e73c0.png
icon-comment-35728eedd10ff36bc89c7a977ed67764.png
Origin is defined, and it should be allowing all origins. What am I doing wrong?

How in grails send with etag 302 status and not load js and other resource every time?

I add plugin
compile ":cache-headers:1.1.7"
and in config file next line:
cache.headers.enabled = false
now I'm sending this:
Request URL:http://localhost:8080/SomeProject/js/pages/somePage.js?_=1444319608606
Request Method:GET
Status Code:200 OK
Response Headers
Accept-Ranges:bytes
Content-Length:3757
Content-Type:application/javascript
Date:Thu, 08 Oct 2015 15:56:09 GMT
ETag:W/"3757-1432890402118"
Last-Modified:Fri, 29 May 2015 09:06:42 GMT
Server:Apache-Coyote/1.1
Request Headers
Accept:text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Encoding:gzip, deflate, sdch
Accept-Language:ru,en-US;q=0.8,en;q=0.6,en-GB;q=0.4
Connection:keep-alive
Cookie:JSESSIONID=80DE99527007982AF9016B65B20E05D2; _ga=GA1.1.494624836.1438596076
Host:localhost:8080
Referer:http://localhost:8080/SomeProject/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
X-Requested-With:XMLHttpRequest
Query String Parameters
_:1444319608606
but as I understand it, my request should also include:
If-Modified-Since,
If-None-Match
and after refresh I should get 302 status but I always get status 200.
You want a 304 status - 302 is a redirect. But the cache-headers plugin isn't what you want, that's for controller responses. The asset-pipeline plugin and its addon plugins manage caching, minification, etc. for static resources.

400 Bad Request when requesting static content from /Content/ folder

I want to serve up static content from my /Content/ folder. Initially I received a 404 error so added the mime type to my WebConfig like so:
<staticContent>
<mimeMap fileExtension=".markdown" mimeType="text/x-markdown" />
</staticContent>
Now I can access this content via direct URL (i.e. see it in my browser) but when I use ajax (AngularJS to be specific) for the request (the URL is exactly the same) I receive a 400 Bad Request error.
What is happening here?
The URL is /content/help/schedules.markdown and I use the following code to request it
return $http({
    method: 'GET',
    url: '/content/help/schedules.markdown'
})
Edit
I tried to request the data using jQuery and it worked! So apparently it's only Angular that is causing a problem!
$.get("/content/help/schedules.markdown",function(yo){console.log(yo)});
Edit 2 - Headers
AngularJS request headers:
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-GB,en-US;q=0.8,en;q=0.6
Cache-Control:no-cache
Connection:keep-alive
Cookie:csrftoken=Q53T7sBOlAgpNSGh7QJ43LSy1CzUPdmV;
auth=Z3Vlc3Q6Z3Vlc3Q%3D; __ngDebug=true;
__RequestVerificationToken=9ox1j5vvUHDyflvTarxzaLbZumwT0qnWvxT5fXbX1BTwhZwms_tUJe-9Du-r0-SttzuONVd3MeYRpCYCDit5rHzt7v1sK-C9SCsjZ0rE2j41;
m=34e2:|47ba:t|4a01:t|745a:t|2a03:t|54e1:t|77cb:t|ca3:t|4d66:240|18c3:t|1d98:t|79d4:chart|640c:medium|678e:600%7C5|5cf4:t|3a8e:chart|54ae:medium|29ac:600%7C5;
.ASPXAUTH=DA9F6F0DC7114A0A7B1C7A8E0050A4C4FF4D0F2553F0AAE9407DF141D9ED9D930897E28A47F4794C2C5C63A7EA64AEB50CA184B89F07769FEE2241E6292483666C42187BD1DBA66C806665593D20A1FBFCCC9584213D869B58F75E992DD7C77F05FC55BF2CB30AF32165A98C3272D7071610BE0321393B5713C313E5E12FFEE0368F37585210C9C270E57A6D66953FA4ABC7AE7D50905D05BDD7D8A4D0EDF6186F6795263783D973EC9B1C4E11BF1788A596401202E697FC6EB0AFB7D7A6D4DD
Host:localhost:1904
If-Modified-Since:0
Pragma:no-cache
Referer:http://localhost:1904/settings/schedules/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36
X-Requested-With:XMLHttpRequest
jQuery request headers:
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-GB,en-US;q=0.8,en;q=0.6
Connection:keep-alive
Cookie:csrftoken=Q53T7sBOlAgpNSGh7QJ43LSy1CzUPdmV;
auth=Z3Vlc3Q6Z3Vlc3Q%3D; __ngDebug=true;
__RequestVerificationToken=9ox1j5vvUHDyflvTarxzaLbZumwT0qnWvxT5fXbX1BTwhZwms_tUJe-9Du-r0-SttzuONVd3MeYRpCYCDit5rHzt7v1sK-C9SCsjZ0rE2j41;
m=34e2:|47ba:t|4a01:t|745a:t|2a03:t|54e1:t|77cb:t|ca3:t|4d66:240|18c3:t|1d98:t|79d4:chart|640c:medium|678e:600%7C5|5cf4:t|3a8e:chart|54ae:medium|29ac:600%7C5;
.ASPXAUTH=DA9F6F0DC7114A0A7B1C7A8E0050A4C4FF4D0F2553F0AAE9407DF141D9ED9D930897E28A47F4794C2C5C63A7EA64AEB50CA184B89F07769FEE2241E6292483666C42187BD1DBA66C806665593D20A1FBFCCC9584213D869B58F75E992DD7C77F05FC55BF2CB30AF32165A98C3272D7071610BE0321393B5713C313E5E12FFEE0368F37585210C9C270E57A6D66953FA4ABC7AE7D50905D05BDD7D8A4D0EDF6186F6795263783D973EC9B1C4E11BF1788A596401202E697FC6EB0AFB7D7A6D4DD
Host:localhost:1904
Referer:http://localhost:1904/settings/schedules/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36
X-Requested-With:XMLHttpRequest
The problem is with this header in the AngularJS headers:
If-Modified-Since:0
You should remove this header from this specific request by setting it to undefined:
$http.get($scope.url, { headers: { 'If-Modified-Since': undefined } })

Uploading without corrupting files

I am attempting to upload an image to my IIS 7 server, but it is coming out corrupted. The same code works on a local instance through Visual Studio.
Local headers:
Request URL:http://localhost:55272/MyProfile/UploadPhoto?qqfile=01.jpg
Request Method:POST
Status Code:302 Found
Request Headers
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:464542
Content-Type:application/octet-stream
Host:localhost:55272
Origin:http://localhost:55272
Referer:http://localhost:55272/MyProfile
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1130.1 Safari/536.11
X-File-Name:01.jpg
X-Mime-Type:image/jpeg
X-Requested-With:XMLHttpRequest
Query String Parameters
qqfile:01.jpg
Response Headers
Cache-Control:private
Connection:Close
Content-Length:137
Content-Type:text/html; charset=utf-8
Date:Thu, 10 May 2012 06:35:28 GMT
Location:/MyProfile/MyProfile
Server:ASP.NET Development Server/10.0.0.0
X-AspNet-Version:4.0.30319
X-AspNetMvc-Version:3.0
Remote headers:
Request URL:[remotehost]/XMVC/MyProfile/UploadPhoto?qqfile=01.jpg
Request Method:POST
Status Code:302 Found
Request Headers
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Authorization:Negotiate -snip-
Connection:keep-alive
Content-Length:464542
Content-Type:application/octet-stream
Cookie:ASPSESSIONIDAABCCDSD=-snip-
Host:[remotehost]
Origin:[remotehost]
Referer:[remotehost]/XMVC
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1130.1 Safari/536.11
X-File-Name:01.jpg
X-Mime-Type:image/jpeg
X-Requested-With:XMLHttpRequest
Query String Parameters
qqfile:01.jpg
Response Headers
Cache-Control:private
Content-Length:142
Content-Type:text/html; charset=utf-8
Date:Thu, 10 May 2012 06:35:05 GMT
Location:/XMVC/MyProfile/MyProfile
Persistent-Auth:false
Server:Microsoft-IIS/7.5
WWW-Authenticate:Negotiate -snip-
X-AspNet-Version:4.0.30319
X-AspNetMvc-Version:3.0
X-Powered-By:ASP.NET
Here is my upload method that is called by the upload form:
[HttpPost]
public ActionResult UploadPhoto(object qqfile)
{
    // Get current logged in user
    var currentUser = _staffRepository.StaffMembers.First(p => p.Login == User.Identity.Name.Replace("Domain\\", ""));
    var length = Request.ContentLength;
    var bytes = new byte[length];
    // Stream.Read may return fewer bytes than requested, so loop until the whole body is read
    var offset = 0;
    while (offset < length)
    {
        var read = Request.InputStream.Read(bytes, offset, length - offset);
        if (read == 0) break; // end of stream reached early
        offset += read;
    }
    // bytes has byte content here. what to do next?
    // The file name is built from the login, not from the client-supplied qqfile value
    var fileName = currentUser.Login + ".jpg";
    var saveToFileLoc = Path.Combine(Server.MapPath("~/App_Data/uploads"), fileName);
    // save the file; the using block closes the stream even if the write throws
    using (var fileStream = new FileStream(saveToFileLoc, FileMode.Create, FileAccess.ReadWrite))
    {
        fileStream.Write(bytes, 0, offset);
    }
    return new RedirectResult("MyProfile");
}
If it is relevant I am using this File Uploader
The image comes out on the remote server as all NUL bytes. Any assistance is appreciated.
Turns out this was a Chrome bug that has since been fixed in stable 19.0.1084.52 (released 23rd May).
Specific revision: https://src.chromium.org/viewvc/chrome?view=rev&revision=138291
Detailed analysis: http://inedo.com/support/kb/1019/workaround-for-chrome-file-uploading-bug

Rails 3.2 session_id never changes

I have a backbone app running on top of my Rails app, which is making a number of AJAX requests. Oddly enough, the session ID cookie that my browser stores never seems to change. I can see the next request being made and the reply returning success. The response still hangs on to the old session ID, however, and thus I can't logout or change user state in any way.
Here's an example of the headers being sent:
Request to /login.json:
Accept:*/*
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Cookie:_session_id=BAh7CEkiD3Nlc3Npb25faWQGOgZFRkkiJWY0YTI1Y2I5ZDE5MTgyYjJmN2MzMzZiMmE5ZWE2ZTAyBjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMTB1ZEozbzJCbUl4ZjluUDdCZVVEOXBhL0ZUeXNVRnFiMlFLblFTVUZPNGM9BjsARkkiDHVzZXJfaWQGOwBGaQg%3D--cf57849d4a4c0cbc5608574d959a772080b3afc5
Host:localhost:3000
If-None-Match:"7363e85fe9edee6f053a4b319588c086"
Referer:http://localhost:3000/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5
X-CSRF-Token:0udJ3o2BmIxf9nP7BeUD9pa/FTysUFqb2QKnQSUFO4c=
X-Requested-With:XMLHttpRequest
Response from /login.json:
Cache-Control:max-age=0, private, must-revalidate
Date:Tue, 15 May 2012 22:44:46 GMT
Etag:"7363e85fe9edee6f053a4b319588c086"
Server:WEBrick/1.3.1 (Ruby/1.9.2/2011-07-09)
Set-Cookie:_session_id=BAh7B0kiD3Nlc3Npb25faWQGOgZFRkkiJWY0YTI1Y2I5ZDE5MTgyYjJmN2MzMzZiMmE5ZWE2ZTAyBjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMTB1ZEozbzJCbUl4ZjluUDdCZVVEOXBhL0ZUeXNVRnFiMlFLblFTVUZPNGM9BjsARg%3D%3D--b16d1f8e4bba3c86d5e3e9ece1ae50f1ad898d00; path=/; HttpOnly
X-Request-Id:8e278bdd3504257bcb9956e068ca3ca3
X-Runtime:0.014739
X-Ua-Compatible:IE=Edge
Notice it's giving me a new session ID. Yet when I make my next request...
Accept:application/json, text/javascript, */*; q=0.01
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Cookie:_session_id=BAh7CEkiD3Nlc3Npb25faWQGOgZFRkkiJWY0YTI1Y2I5ZDE5MTgyYjJmN2MzMzZiMmE5ZWE2ZTAyBjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMTB1ZEozbzJCbUl4ZjluUDdCZVVEOXBhL0ZUeXNVRnFiMlFLblFTVUZPNGM9BjsARkkiDHVzZXJfaWQGOwBGaQg%3D--cf57849d4a4c0cbc5608574d959a772080b3afc5
Host:localhost:3000
If-None-Match:"53135bfd970c6b34f39ea3c4780ed240"
Referer:http://localhost:3000/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5
X-CSRF-Token:0udJ3o2BmIxf9nP7BeUD9pa/FTysUFqb2QKnQSUFO4c=
X-Requested-With:XMLHttpRequest
The cookie has never changed.
I figured it out. I had an async. request firing at the same time, so the browser was never getting a chance to get the proper session ID.
