I have a Flask project deployed on AWS / Elastic Beanstalk
I have an embedded Adobe Flash SWF which attempts a POST request method to my published URL. It was previously working, but now it no longer accepts it -- instead, it does nothing.
The POST request does work on localhost, but not when deployed. I believe this may be a permissions issue involving crossdomain / CORS support, but I am not sure. How can I ensure that cross-domain requests are accepted in AWS EB?
Related
I want to ask about the Deployment of Forge API by Azure.
I had done it through the resource from Learn Forge, and it seems to work smoothly on the local site, but when I try to publish it, Although it shows permission
after I sign in, it shows 400 error refused, how can I do this for this error?
This is typically caused by an incorrect callback URL for the 3-legged authentication workflow.
When you develop your application locally, you typically set the callback URL (both in your application's code and in https://forge.autodesk.com/myapps) to something like http://localhost:3000/api/forge/callback/oauth).
However, when you deploy your application to Azure, AWS, Heroku, or any other cloud hosting provider, the callback URL must be updated accordingly. For example, if you deploy your application as an Azure Web App, the callback URL could look something like https://my-cool-app.azurewebsites.net/api/forge/callback/oauth. And again, you'll have to change the URL both in https://forge.autodesk.com/myapps, and in your Azure Web App settings.
Access to audio at 'https://.amazonaws.com/.mp3' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource
We have a vue.js frontend and spring boot backend.
There a tag in a vue.js file which gets the src link by calling spring boot backend server. The backend returns the src link.
As you can see the below is the run time audio component
<audio data-v-3f267e7a="" src="https://****.amazonaws.com/****.mp3" eq-attached="true"></audio>
I am confused as why the browser is throwing CORS error in this case. Please let me know why the error in the first place and how to solve this. CORS is already enabled in spring security file. I already tried with #CrossOrigin annotations in spring controller.
Since your error is CORS, between your vue.js and amazon audio url, spring boot is not related to that.
Commonly CORS said us: No web application can download my resources using javascript.
In your case, amazon is telling you: Your web at localhost cannot download my audios.
If you would be the owner of amazon, and you want any website to be able to download your audios, you just need to add this response header in the audio url:
Access-Control-Allow-Origin : *
How fix it?
Try to use a minimal ajax invocation to dowload the audio url. With this you can verify if url is "downloadable" or has the classic cors headers. Don't forget to test it with a kind of server like one of these
If you can't download it or you get the same cors error as your vue app, you could verify that amazon does not allow this type of usage of audio urls.
Also verify if amazon has a kind of administration web console which allows us the registration of origins. In this case you must add the localhost:8080 or any domain in which your web app is running.
Workaround
If the url is downloadable at backend side, I mean with java and not with javascript, you could create a simple spring controller which will download the audio and return maybe the bytes or another format that your vue app needs. At this point you are the owner, so you could add any CORS header you need.
I have a SPA running on my localhost:3000 and my ASP.NET Core 3.1 Web API running on localhost:44372.
I'm trying to debug the SPA from my connected Android Device. I connected the device, did port forwarding, everything is well, SPA gets opened, but then it does a request to Web API and receives CORS error. When I check network tab I see that the origin is https://localhost:3000, which is correct. Does chrome remote debugging mode somehow replace the origin, because everything works well if I open the SPA locally?
I tried to debug Web API project with custom middleware, but I'm unable to hit the breaking point: seems like it returns CORS error before pipeline even started.
Here are my CORS configs in Web API:
builder.UseCors(x => x
.WithOrigins("https://localhost:3000", "http://localhost:3000")
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials())
UPDATE
The CORS errors:
UPDATE 2
I also forwarded the port 44372 which I have the Web API on and the error changed to: net::ERR_CERT_AUTHORITY_INVALID. Is this an issue with the chrome on android? I'm not quite sure how to address it. The issue seems to be with the Web API server certificate, because SPA gets loaded properly.
I managed to solve the issue by opening https://localhost:44372 on the Device. There I got a security warning, but when I chose "proceed to localhost (unsafe)" I was able to reach Web API. Then https://localhost:3000 started working well.
I've been looking at solutions so that I can create a cross-platform fluid experience. So to do this for the online website version, I would just send an Ajax request to a PHP script to query a MySQL database. But I am thinking of creating an electron app for offline use, so I will need to send queries to that online database, but I know there are a lot of limitations when it comes to Ajax with regards to cross-site requests.
So is it possible to send these sort of ajax requests to a PHP script on a web server, from an electron application. But, if Ajax requests aren't possible, how would I achieve this type of request to an online database. I have tried doing some research on the subject but was unable to find any solutions that are similar to this situation.
Cross-domain AJAX requests are blocked by default. All your regular desktop apps such as your Mail client send requests out all the time. You simply have to enable Cross-Origin Resource Sharing (CORS) on your server. I don't know what server application you're using (Apache/Nginx), but for Apache you can start simply by adding the following line to the relevant part of your Virtual Host or .htaccess file:
Header set Access-Control-Allow-Origin "*"
You can refer to the Enable CORS to learn how to enable CORS for other server technologies.
in the light of facebook's imminent switch to HTTPS (yes, i'm late to the party),
i have some questions around AS3 and HTTPS / HTTP.
so my understanding is that facebook is going to serve up html from an https address,
and in the html is an iframe with the URL of our .swf file.
i assume that we'll have to be able to server that .swf file via https, and that seems reasonable.
my questions are more around what happens within flash once the .swf is running.
we have many requests to our backend via HTTP, and we also periodically open up a raw socket also into our backend.
is flash/the browser going to give us grief about that socket or those http requests ?
thanks in advance,
orion