I have made a small xslt file to create an html output called weather.xsl with code as follows:
<!-- DWXMLSource="http://weather.yahooapis.com/forecastrss?w=38325&u=c" -->
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
exclude-result-prefixes="yweather"
xmlns:yweather="http://xml.weather.yahoo.com/ns/rss/1.0" xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#">
<xsl:output omit-xml-declaration="yes" indent="yes"/>
<xsl:strip-space elements="*"/>
<xsl:template match="/">
<img src="{/*/*/item/yweather:condition/#text}.jpg"/>
</xsl:template>
</xsl:stylesheet>
I want to load in the html output into a div in an html file which I'm trying to do using jQuery as follows:
<div id="result">
<script type="text/javascript">
$('#result').load('weather.xsl');
</script>
</div>
But I am getting the following error:
Origin null is not allowed by Access-Control-Allow-Origin.
I've read about adding a header to the xslt, but I'm not sure how to do that, so any help would be appreciated, and if loading in the html ouput can't be done this way, then advice on how else to do it would be great.
Origin null is the local file system, so that suggests that you're loading the HTML page that does the load call via a file:/// URL (e.g., just double-clicking it in a local file browser or similar).
Most browsers apply the Same Origin Policy to local files by disallowing even loading files from the same directory as the document. (It used to be that Firefox allowed the same directory and subdirectories, but not any longer.
Basically, using ajax with local resources doesn't work.
If you're just testing something locally that you'll really be deploying to the web, rather than use local files, install a simple web server and test via http:// URLs instead. That gives you a much more accurate security picture. Your IDE may well have some kind of server built in (directly or via an extension) that lets you just hit "run" in the IDE and have the server fired up and serving the file.
Chrome and Safari has a restriction on using ajax with local resources. That's why it's throwing an error like
Origin null is not allowed by Access-Control-Allow-Origin.
Solution: Use firefox or upload your data to a temporary server. If you still want to use Chrome, start it with the below option;
--allow-file-access-from-files
More info how to add the above parameter to your Chrome: Right click the Chrome icon on your task bar, right click the Google Chrome on the pop-up window and click properties and add the above parameter inside the Target textbox under Shortcut tab. It will like as below;
C:\Users\XXX_USER\AppData\Local\Google\Chrome\Application\chrome.exe --allow-file-access-from-files
Hope this will help!
Just wanted to add that the "run a webserver" answer seems quite daunting, but if you have python on your system (installed by default at least on MacOS and any Linux distribution) it's as easy as:
python -m http.server # with python3
or
python -m SimpleHTTPServer # with python2
So if you have your html file myfile.html in a folder, say mydir, all you have to do is:
cd /path/to/mydir
python -m http.server # or the python2 alternative above
Then point your browser to:
http://localhost:8000/myfile.html
And you are done! Works on all browsers, without disabling web security, allowing local files, or even restarting the browser with command line options.
I would like to humbly add that according to this SO source: https://stackoverflow.com/a/14671362/1743693, this kind of trouble is now partially solved simply by using the following jQuery instruction:
<script>
$.support.cors = true;
</script>
I tried it on IE10.0.9200, and it worked immediately (using jquery-1.9.0.js).
On chrome 28.0.1500.95 - this instruction doesn't work (this happens all over as david complains in the comments at the link above)
Running chrome with --allow-file-access-from-files did not work for me (as Maistora's claims above)
Adding a bit to use Gokhan's solution for using:
--allow-file-access-from-files
Now you just need to append above text in Target text followed by a space.
make sure you close all the instances of chrome browser after adding above property.
Now restart chrome by the icon where you added this property.
It should work for all.
I was looking for an solution to make an XHR request to a server from a local html file and found a solution using Chrome and PHP. (no Jquery)
Javascripts:
var x = new XMLHttpRequest();
if(x) x.onreadystatechange=function(){
if (x.readyState === 4 && x.status===200){
console.log(x.responseText); //Success
}else{
console.log(x); //Failed
}
};
x.open(GET, 'http://example.com/', true);
x.withCredentials = true;
x.send();
My Chrome's request header Origin: null
My PHP response header (Note that 'null' is a string). HTTP_REFERER allow cross-origin from a remote server to another.
header('Access-Control-Allow-Origin: '.(trim($_SERVER['HTTP_REFERER'],'/')?:'null'),true);
header('Access-Control-Allow-Credentials:true',true);
I was able to successfully connect to my server.
You can disregards the Credentials headers, but this works for me with Apache's AuthType Basic enabled
I tested compatibility with FF and Opera, It works in many cases such as:
From a VM LAN IP (192.168.0.x) back to the VM'S WAN (public) IP:port
From a VM LAN IP back to a remote server domain name.
From a local .HTML file to the VM LAN IP and/or VM WAN IP:port,
From a local .HTML file to a remote server domain name.
And so on.
You can load a local Javascript file (in the tree below your file:/ source page) using the source tag:
<script src="my_data.js"></script>
If you encode your input into Javascript, like in this case:
mydata.js:
$xsl_text = "<xsl:stylesheet version="1.0" + ....
(this is easier for json) then you have your 'data' in a Javascript global variable to use as you wish.
Using Java Spring to run a web service, you need to add:#ServletComponentScan right above
#SpringBootApplication in your auto-generated YouAppApplication.java file ( the one with the main() function ) and create a class with the following implementation:
#WebFilter("/*")
public class AddResponseHeaderFilter implements Filter {
#Override
public void init(FilterConfig filterConfig) throws ServletException {
// ...
}
#Override
public void doFilter(ServletRequest servletRequest,
ServletResponse servletResponse,
FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
httpServletResponse.addHeader("Access-Control-Allow-Origin", "null");
httpServletResponse.addHeader("Access-Control-Allow-Credentials", "true");
filterChain.doFilter(servletRequest, servletResponse);
}
#Override
public void destroy() {
// ...
}
}
note that you can choose a different name for this class as soon as it implements Filter and has the #WebFilter annotation you can also provide a different wildcard than /* so this filter doesn't apply to every endpoint.
As specified by #Louis Loudog Trottier you need to add ...withCredentials = true; when creating your Ajax request for this to work.
We have just gone live with https://ecotaksen.be. The queries and updates on Exact were running fine, but after installing the production license an error itgenobr001: Client not found. occurs.
My data container specification is:
<database order="1"
creationDate="2016-04-13T09:11:03.3584276+02:00"
provider="ExactOnlineAll"
connectionString="apiUrl=https://start.exactonline.be"
/>
The connection to Exact Online using Query Tool with the same credentials and connection string is working fine.
How can I solve the itgenobr001 error?
In fact it was quite simple to solve: the "Client" referred to is the application. I needed to add the client ID of Exact Online app to my connection string, since Data Access Point requires a client ID when using a production license.
Resulting data container specification:
<database order="1" creationDate="2016-04-13T09:11:03.3584276+02:00" provider="ExactOnlineAll"
connectionString="apiUrl=https://start.exactonline.be;api-client-id=MYID" />
After that, I got a itgenobr001: Invalid authorization request., and that one required addition of the redirect url as specified in the My Apps page in Exact Online:
<database order="1" creationDate="2016-04-13T09:11:03.3584276+02:00" provider="ExactOnlineAll"
connectionString="apiUrl=https://start.exactonline.be;api-client-id=MYID;apiredirecturl=https://ecotaksen.be" />
I am trying to run play activator template named "playStartApp".
But, it is giving me following runtime exception:
RuntimeException: smtp.host needs to be set in application.conf in order to use this plugin (or set smtp.mock to true)\
java.lang.RuntimeException: smtp.host needs to be set in application.conf in order to use this plugin (or set smtp.mock to true)
com.typesafe.plugin.CommonsMailerPlugin$$anonfun$4.apply(MailerPlugin.scala:329)
com.typesafe.plugin.CommonsMailerPlugin$$anonfun$4.apply(MailerPlugin.scala:329)
scala.Option.getOrElse(Option.scala:120)
com.typesafe.plugin.CommonsMailerPlugin.mailerInstance$lzycompute(MailerPlugin.scala:329)
com.typesafe.plugin.CommonsMailerPlugin.mailerInstance(MailerPlugin.scala:326)
com.typesafe.plugin.CommonsMailerPlugin.onStart(MailerPlugin.scala:343)
play.api.Play$$anonfun$start$1$$anonfun$apply$mcV$sp$1.apply(Play.scala:91)`
I tried both:
- set mail.smtp=mock
- mail.smtp.host=smtp.gmail.com
mail.smtp.user=yourGmailLogin
mail.smtp.pass=yourGmailPassword
mail.smtp.channel=ssl
pls suggest how to resolve this?
In the "playStartApp" activator template, you can either -
Use a mock mailer, by entering the following in conf/application.conf
smtp.mock=true
The mock option will render email output to the console. If you are using the Activator UI, you'll be able to see the mail output in the logs on the "Run" tab.
Mention the SMTP server details in conf/application.conf
smtp.host=smtp.gmail.com
smtp.port=587
smtp.user="user#gmail.com"
smtp.password="password"
smtp.ssl=true
mail.from="PlayStartApp#yourdomain.com"
mail.sign=The PlayStartApp Team
You can use gmail servers for sending mails as well, which I have mentioned above.
Alternatively, in the "playStartApp", just rename conf/mail.conf.example to conf/mail.conf and move all your SMTP related configuration here. Please note that conf/mail.conf is mentioned in .gitignore.
Resources (Play Documentation):
Mail configuration parameters
SMTP Configuratoin
I have a problem with GF4 while calling a web service I coded using http post. GF4 responds with a "Post too large" error. My post data is about 3MB.
Here is the GF4 debug log:
WARNING: Post too large
WARNING: StandardWrapperValve[obx2oex]: Servlet.service() for servlet obx2oex threw exception
java.lang.IllegalStateException: Post too large
at org.glassfish.grizzly.http.server.Request.parseRequestParameters(Request.java:2024)
at org.glassfish.grizzly.http.server.Request.getParameter(Request.java:1052)
at org.apache.catalina.connector.Request.getParameter(Request.java:1547)
at org.apache.catalina.connector.RequestFacade.getParameter(RequestFacade.java:448)
...
I already googled for this issue and found some help that encourages to modify the server configuration. I edited the following part in the domain.xml:
<http-service>
<access-log></access-log>
<virtual-server id="server" network-listeners="http-listener-1,http-listener-2"></virtual-server>
<virtual-server id="__asadmin" network-listeners="admin-listener"></virtual-server>
<property name="maxPostSize" value="2097152"></property>
</http-service>
and restarted the server. But the error still occurs.
Does anybody know, how to solve this "post too large" issue?
Thanks for your help!
PS: I just saw the starting log of the GF4 and it told me:
WARNING: Unsupported http-service property maxPostSize is being ignored
So where should I tell GF4 to accept large post data?
Open Glass Fish administrative console, select
Configurations - server config - Network Config - Network Listeners
- http-listener-1
and
tab HTTP.
There is parameter Max Post Size. Increase it as you wish.
Look screenshot
My first attempt coding my webservice was a servlet that accepts data via POST parameter of HTTP. That lead to the "Post too large" error, when sending more than 2MB.
I got a suggestions to code it as REST service. It is very strange, but now it works with more than 2MB. Even while the data is sent via http post.
Maybe it should help someone.
But nevertheless I'd like to know, where you can set the maxPostSize value in GF4 server.
I am having difficulty understanding how to use <keygen>.
I could not find the demo for it, which is used for authentication. When I add the <keygen> tag to the form, it sends the public key.
What should be done after getting the public key?
Can someone please give me sample application which uses <keygen> and does the authentication?
My explanations come from this PHP/Apache example. It's a simplified explanation, look at the original example for full details.
The client generate a public key for the server and keep a private key.
<form>
<keygen name="pubkey" challenge="randomchars">
<input type="submit" name="createcert" value="Generate">
</form>
The public key is extracted by the server:
$key = $_REQUEST['pubkey'];
The server build a client certificate:
$command = "/usr/bin/openssl ca -config ".$opensslconf." -days ".$days." -notext -batch -spkac ".$certfolder.$uniq.".spkac -out ".$certfolder.$uniq." -passin pass:'".$capw."' 2>&1";
$output = shell_exec($command);
and send it back to the client.
You can then configure Apache to allow access to authentified clients:
SSLEngine on
SSLCipherSuite HIGH:MEDIUM
SSLCertificateFile /etc/CA/certs-pub/domain.der
SSLCertificateKeyFile /etc/CA/certs-priv/domain.pem
SSLCACertificateFile /etc/CA/certs-pub/ca.pem
SSLCARevocationFile /etc/CA/crl/cacrl.pem
<Location /secure_area/>
SSLVerifyClient require
SSLVerifyDepth 1
</Location>
Mozilla has some working examples here:
https://developer.mozilla.org/en-US/docs/HTML/Element/keygen