My node backend is set on Heroku, React frontend on Netlify. On firefox everything works good but on chrome I can login (post request) and then I can't move on my page cuz cors policy blocks my get requests to the server.
Access to XMLHttpRequest at 'https://xxx.herokuapp.com/api/fetchPurchasedPrizes' from origin 'https://xxx.netlify.app' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
My backend cors setup
app.use(
cors({
credentials: true,
origin: 'xxx.netlify.app',
}),
);
On localhost both browsers worked good.
Simple solution, I just had to add
cookie: {
sameSite: 'none',
secure: 'true',
},
to my session config.
Related
I am testing a backend SOAP API with Ionic and I am getting CORS problems.
The app is launched with ionic serve that has http://localhost:8100 origin
I enabled the MOESIF CORS and ORIGIN extension with this configuration:
When I do a GET request to
http://host/WebService1.asmx?WSDL
It works fine but when I do a POST request to
http://host/WebService1.asmx
With a xml body it returns this error.
Access to XMLHttpRequest at 'http://host/WebService1.asmx' from origin
'http://localhost:8100' has been blocked by CORS policy: Response to
preflight request doesn't pass access control check: No
'Access-Control-Allow-Origin' header is present on the requested
resource.
I have tried whith Safari with the security disabled and works all fine but I need to work with Chrome
What would be doing wrong?
When i tried to import babylon file, i received the error Access to XMLHttpRequest at 'myfilepath' from origin 'null' has been blocked by CORS policy:
I have no idea on CORS, and please help me by briefing it to the beginner level.
1)Access to XMLHttpRequest at 'file:///C:/Users/AJDA/Documents/Palatisation/web%20files/box.babylon' from origin 'null' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, https.
2)BJS - [17:27:13]: Unable to import meshes from box.babylon: importMesh of undefined from undefined version: undefined, exporter version: undefinedimportMesh has failed JSON parse
m._ErrorEnabled # babylon.js:1
Hello this is unfortunate but this is a security constraint enforced by browsers. Files can only be served from a webserver (like apache, IIS, etc...) from your localhost
I am trying to route all requests using:
var config = {
mode: "fixed_servers",
rules: {
singleProxy: {
scheme: "https",
host: "localhost"
},
bypassList: ["foobar.com"]
}
};
chrome.proxy.settings.set(
{value: config, scope: 'regular'},
function() {});
This works wonderfully for all http:// websites but not https://. It seems that Chrome doesn't even connect to the proxy in those cases but simply returns ERR_EMPTY_RESPONSE (no packets in the VPN from chrome)
https proxies differ from http proxies. It is HTTPS protocol, not HTTP.
https://en.wikipedia.org/wiki/HTTPS
As i understand you run proxy on local machine, so you need https proxy software.
Smth like this https://www.npmjs.com/package/https-proxy-agent
http:// and https:// means protocol. So is ftp, pop, smtp, ed2k, bitcoin... an so on.
Don't use "https" scheme instead use "http"
If proxy server protocol is "https" then "http" scheme will work like "https"
Google Chrome version 103.0.5060.114 64 bit
I have a protractor selenium test for an angular2 that I run with protractor conf.js --params.login.username=John --params.login.password=Doe. The test shall try to log in to my backend and fail with access denied.
This is the conf.js:
exports.config = {
framework: 'jasmine2',
seleniumAddress: 'http://localhost:4444/wd/hub',
capabilities: {
'browserName': 'chrome'
},
baseUrl:'http://127.0.0.1:4200',
specs: ['mytest.spec.js'],
useAllAngular2AppRoots: true,
jasmineNodeOpts: {
showColors: true,
defaultTimeoutInterval: 30000
}
}
The webdriver was started with webdriver-manager start. The app loads fine and the test fills out the Auth0 popup as shown below. It then clicks the submit button. However, this leads to the error message below being shown instead of the login happening. If I understand correctly, Auth0 can't reach the auth server (which is not the issue when logging in manually).
The version of auth0 lock is 10.0.
Through browser.pause() I could verify that other non-localhost addresses like stackoverflow.com are accessible.
Any idea where this might come from and how to solve it?
Update:
In the developer console the following message is displayed.
XMLHttpRequest cannot load https://MYDOMAIN.eu.auth0.com/usernamepassword/login.
Response to preflight request doesn't pass access control check:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://127.0.0.1:4200' is therefore not allowed access.
The problem was, that the local url http://127.0.0.1:4200 was not listed in the auth0 dashboard under Allowed Origins (CORS), only http://localhost:4200 which I used for testing manually.
The issue was resolved by adding http://127.0.0.1:4200 to Allowed Origins (CORS) and adding the appropriate callback URLs to Allowed Callback URLs.
On OS X I have a simple html page which I open using a file:///... url. This page contains javascript which attempts to load a http://... resource.
This works using Safari, but it doesn't work under Firefox or Chrome.
The error message I get from those browsers are:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://whatever/etc. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
Is there to get the page to work under Firefox and Chrome?