I have a question where my client is on http://web-dev.test.com and my MVC Services are on http://webdev01.test.com . So i am trying to use ajax GET and POST json requests from my client to mvc services but it is giving me cross domain error. Can anyone explain me what the problem is? and how I could resolve this?
Thankyou
From the documentation:
Due to browser security restrictions, most "Ajax" requests are subject to the same origin policy; the request can not successfully retrieve data from a different domain, subdomain, or protocol.
Script and JSONP requests are not subject to the same origin policy restrictions.
Making it a JSONP request, if possible, should not cause you those issues. Otherwise I'm afraid you are not going to be able to successfully complete your request.
You have two options using JSONP or CORS
For CORS you set http headers for your service so that you client will have access to it, eg
Access-Control-Allow-Origin: http://web-dev.test.com
Related
I sniffed the network traffic coming out of an app that displays real time data. I am trying to get access to the api to display the same real time data on a website that I am working on currently. I was able to view the get request and the response using fiddler and I then sent a get request directly using the url. However, my get request was blocked by CORs policy. I'm a beginner and would like to know how to access the API.
If the server that's hosting the API doesn't supply COR headers that explicitly allow this, you're not going to be able to make these requests via your browser. I'd recommend making the requests on your server instead of in the browser, because that's not bound by CORs settings.
I have been using POSTMAN for sometime now for sending HTTP requests like GET, POST, PUT for RESTful Webservices. Recently came across a situation, when sending a request to my REST API through browser, I got a message that
No Access Control Allow Origin Header is present on the Requested resource.
The solution was ofcourse to add such an header to the API.
However strangely, When I sent the the same request through POSTMAN I was able to get back the response.
So I want to know how is sending a request through POSTMAN different from sending a request through browser.
I went through this question: CORS with POSTMAN, but it really doesn't provide an answer in detail.
From Cross-Origin XMLHttpRequest in Chrome Develop Extensions documentation:
Regular web pages can use the XMLHttpRequest object to send and receive data from remote servers, but they're limited by the same origin policy. Extensions aren't so limited. An extension can talk to remote servers outside of its origin, as long as it first requests cross-origin permissions.
Basically browser extensions have more privileges than web content. In the case of Chrome extensions, there is an option to enable cross-origin access.
Is it possible to create a single policy that will forward all Options requests to the backend server? The only way I have figured out how to do this is by creating a new Options operation for each endpoint. That seems like a lot of unnecessary work since I want all options requests to be forwarded to the backend.
How can I create a single policy to forward all Options requests to the backend?
I don't think that is currently possible, so your only options are:
Create a separate OPTIONS operation in each endpoint.
Set up CORS (https://msdn.microsoft.com/library/azure/7689d277-8abe-472a-a78c-e6d4bd43455d#CORS) policy on a product or global level, so that OPTIONS requests would be served by APIM and not forwarded to backend at all.
Actually it is, operation template support wildcard /*
I am trying this, but since our API requires an SubscriptionKey, it is still not working. Since ApiMgmt will return 401 for options request, since browsers dont send the SubscriptionKey header.
Would be nice with the possibility to open single operations...
https://feedback.azure.com/forums/248703-api-management/suggestions/19450117-feature-to-ignore-api-management-subscription-key
That's my question, what are the differences between those requests ?
I am having an issue with get request I am trying to perform, I am getting the error
XMLHttpRequest cannot load http://urbanetradio.com/wp-json/posts. The 'Access-Control-Allow-Origin' header has a value 'http://localhost:8100' that is not equal to the supplied origin. Origin 'http://run.plnkr.co' is therefore not allowed access.
that get request is toward my-site-url/wp-json/postswhich is a WordPress account. And this is the method I am using
so, someone says, use jsonp instead of get, but why?
Jsonp is what is used for web APIs that support cross origin resource sharing. The article below gives an example of how to make a request that supports cors. If the webapi is not configured to allow requests from your host you may not be able to make it work without changing the api though.
Web requests that support cors:
http://www.html5rocks.com/en/tutorials/cors/
Setting up a web api that uses cors:
http://mobile.codeguru.com/csharp/.net/net_asp/using-cross-origin-resource-sharing-cors-in-asp.net-web-api.html
Is it possible to use HTTP.get on the client side to retrieve some json data and store it as a string?
I need to get the JSON from this site https://blockchain.info/address/15cNko3ZtmYCba8GoaYsZ6GWFy1VCLgFji?format=json and store it as a string for later parsing.
The above site address for the wallet was chosen at random.
You can perform HTTP.get on the client. As per the documentation it's available Anywhere (Client and Server)
However, the example you've provided isn't on the same domain as your app, and hasn't provided Access-Control-Allow-Origin headers to permit cross-domain requests. So requests from the client will fail.
From Wikipedia:
The same origin policy prevents a document or script loaded from one
origin from getting or setting properties of a document from another
origin. This policy dates all the way back to Netscape Navigator 2.0.
Try typing $.ajax("https://blockchain.info/address/15cNko3ZtmYCba8GoaYsZ6GWFy1VCLgFji?format=json"); in your browser console in your application development tab.
You're likely to receive this error as response :
XMLHttpRequest cannot load https://blockchain.info/address/15cNko3ZtmYCba8GoaYsZ6GWFy1VCLgFji?format=json. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.
This is a CORS related issue which is a whole topic on itself so I suggest you google this and understand its implications.
Next, if you can control CORS settings on the domain where you're trying to fetch json from, then you need to allow cross origin requests from your web application domain, this is possible when using an amazon S3 bucket, another web application you designed, etc...
If you can't, then I'm afraid you'll have to use a Meteor.method client side to reach your Meteor server where you'll fetch the json with HTTP.get then send it back to the Meteor client.