I am trying to set the HTTP header "Access-Control-Allow-Origin" but all of the examples that I find involve servlets or PHP or assume that there is server-side scripting available. Is it possible to set this in a plain old HTML file? I have tried this but I cannot verify that it is working:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" >
<html>
<head>
<meta http-equiv="Access-Control-Allow-Origin" content="*"/>
...
I know this question is old, but the correct way of setting a content security policy without server-side is using the meta tag Content-Security-Policy
For example:
<meta http-equiv="Content-Security-Policy" content="default-src 'self'">
or in your case / example, allowing everything:
<meta http-equiv="Content-Security-Policy" content="*">
Read more: https://content-security-policy.com/examples/meta/
Try using url-rewrite. You will have to configure the Filter in your web application, but you won't have to write any Java code to do it.
Related
I have a simple html page which starts like this:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta http-equiv="Cache-Control" content="public, must-revalidate">
<meta http-equiv="Cache-Control" content="max-age=88000" />
<script type="text/javascript" src="/js/index.js"></script>
....
However, when I check index.js file in FF web console, I see Cache-Control: "max-age=0". Why is that and how can I fix it? Thanks!
There is no reason to expect a meta tag in an HTML file to affect the HTTP headers sent for a JavaScript file that it refers to (or even the HTTP headers sent for the HTML file itself, for that matter).
The HTTP headers are set by the web server (or, more generally, HTTP server) software in use, possibly as affected by system-wide or directory-wide settings on the server. Long ago, the idea was that certain meta tags might affect the HTTP headers for the HTML document itself, but this was generally not implemented in servers. Instead, browsers may use some meta tags and act as if corresponding HTTP headers had been sent, but a) this only applies to the HTML document itself, if at all and b) it cannot be seen by tools that inspect the HTTP headers actually sent.
I am still pretty new to HTML and programming in general so this is more of a curiosity question but I am asking as I want to use it the right way.
Whenever I have to initiate an HTML document I start it as below and never observed any issues.
However, when I work in Adobe Dreamweaver and create a new document there it always shows me the below initiation.
Of course I can overwrite this but I would like to know what is the difference and when it would make sense to use any of Adobe's suggested attributes or to add something else to my first four lines.
Can someone help me with this ?
My current initiation:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<!-- ... -->
HTML initiation shown in Dreamweaver:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<!-- ... -->
Many thanks in advance,
Mike
<!DOCTYPE html>
This is HTML 5. The current standard.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
This is XHTML 1.0 Transitional. A standard from 2000 designed to combine the transition from HTML 3.2 (1997) to HTML 4 (1998) and XML (which never saw wide use, except while pretending to be HTML 4.
can you explain the single attributes that are different to mine and when it would make sense to use any of them ? Esp. regarding
"PUBLIC",
That isn't an attribute. The PUBLIC portion of a Doctype declaration tells the client where it can download the DTD. (As opposed to the SYSTEM portion which gives it an identifier that it can use to look it up from a local catalogue).
Browsers have never cared about DTDs.
"xmlns",
XML Namespace. It lets you distinguish between elements and attributes that have the same name but are from different specifications.
"http-equiv"
"This is equivalent to an HTTP header with this name"
It is largely a joke. Nothing really implements this except for the character encoding portion of the content-type header and HTML 5 gives much nicer syntax for specifying that.
"content".
The value of the above.
Your first declaration is a HTML5 declaration which is the current standard.
The declaration produces by Dreamweaver is a deprecated XHTML 1.0 Transitional declaration (maybe your Dreamweaver is not up-to-date ?).
See here for more information on doctype
I have a strange problem...
I need to send a GET HTTP Request to web site by NSURLConnection ([NSURLConnection sendAsynchronousRequest...).
All works very well but sometimes I see a strange html result different from what I expect.
This garbage html is this:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/strict.dtd">
<!-- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"> -->
<HTML><HEAD><META HTTP-EQUIV="Refresh" CONTENT="0.1">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="-1">
<TITLE></TITLE></HEAD><BODY><P></BODY>
</HTML>
(Lines split for clarity)
What does that mean?
The web site to which I refer is not mine so I can not work on the server side to solve the issue.
Can I do anything to prevent this?
For some reason, the server (or an intermediary, like a load balancer) is asking you to make the request again in .1 seconds.
If you viewed this page with a web browser, it would wait .1 seconds, and then refresh the page (the purpose of the Refresh meta tag).
You will probably need to check explicitly for this, and retry your request (after waiting .1 seconds to be polite) when it happens.
Lets say I have the following file in called index in the directory D:\Experimental:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head>
<title>Minimal XHTML 1.1 Document</title>
</head>
<body>
<p>This is a minimal XHTML 1.1 document.</p>
</body>
</html>
If I open the link
file:///D:/experimental/index.html
I get to see the html, but it seems that the character encoding defaults to Western (ISO-8859-1), I can see this when I click view -> character encoding in firefox.
I want to display this in UTF-8 because Western (ISO-8859-1) doesn't display some characters correctly. Does anyone know how to fix this?
You should include:
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
in your HEAD element.
Edit
I've just tried your example in Firefox on the Mac, and even without the meta tag, it correctly interprets the document as UTF-8. The Standard seems to indicate that it should use the XML processing instruction, but that you should also use the correct HTTP headers. Since you're not sending headers (because you're not using HTTP) you can specify them with the meta tag.
Maybe try adding
<meta http-equiv="content-type" content="text/html;charset=utf-8" />
in <head> section?
When loading files from disk, your browser does not have an HTTP Content-Type header to read the encoding from, so it guesses. To guess the document encoding it uses your operative systems current encoding, the actual bytes that are in the files and information inside the file itself.
As Jonathan wrote, you can add a
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
element that will help the browser using the correct content type. Anyway, note that that element will often be ignored by browsers if your document is sent from a misconfigured HTTP server that explicitly specifies another encoding the Content-Type header.
Is it ok not to include such lines in a HTML file? Removing these lines makes the code look more clean.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
When I use dreamweaver to create a HTML file, these lines are automatically included.
No, you should NOT remove those lines.
You can, however, switch the <!doctype>-declaration to the one of HTML5, since that will still trigger standards mode in all current browsers, even though they don't yet implement HTML 5. It looks like the following:
<!DOCTYPE html>
Which is a bit more clean than the ordinary one you use looks like. You can also read a little more about the new doctype-declaration here. You can also learn more about what will change in HTML5 here.
No that is not allowed. It sets the character encoding, i.e. how the browser should read it.
But the new HTML5 elements make the whole thing look easier and cleaner. So:
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
becomes --> <!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
lang="en"
xml:lang="en">
becomes --> <html lang="en">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
becomes --> <meta charset="UTF-8">
<link rel="stylesheet" href="style.css" type="text/css">
becomes --> <link rel="stylesheet" href="style.css">
So the whole code in the <head> becomes:
<!DOCTYPE html>
<html lang="en">
<meta charset="UTF-8">
<link rel="stylesheet" href="style.css">
No, you shouldn't remove these lines. The first two lines tell the browser what type of document your page is, and helps the browser render it properly.
The third line tells the browser what character set you're using, in this case so that it knows to render non-latin characters properly.
Those declares the DOCTYPE, which shouldn't be forgotten to add.
Why?
Why specify a doctype? Because it
defines which version of (X)HTML your
document is actually using, and this
is a critical piece of information
needed by browsers or other tools
processing the document.
For example, specifying the doctype of
your document allows you to use tools
such as the Markup Validator to check
the syntax of your (X)HTML (and hence
discovers errors that may affect the
way your page is rendered by various
browsers). Such tools won't be able to
work if they do not know what kind of
document you are using.
But the most important thing is that
with most families of browsers, a
doctype declaration will make a lot of
guessing unnecessary, and will thus
trigger a "standard" parsing mode,
where the understanding (and, as a
result, the display) of the document
is not only faster, it is also
consistent and free of any bad
surprise that documents without
doctype will create.
You can remove the DOCTYPE, html tags and meta tags and still have valid HTML, and if you are happy for your page to take browser default styling they can be safely omitted. The content type and charset can be specified by the HTTP headers if you prefer. As others have already pointed out, the DOCTYPE will affect how styling instructions are interpreted, and also how HTML parsers interpret some invalid markup, so you will need to allow for this.