I have a problem with all my requests sent in javascript on the api. They are all blocked by the CORS. When they are sent from postman, they work fine.
The fruitcake/laravel-cors library is already installed but has not fixed the problem.
Do you have any solutions?
Thank you in advance.
Remove this fruitcake/laravel-cors package .Now Laravel 9 by default provides cors solution.
Visit site from http://localhost:8000 not http://127.0.0.1:8000
I am on laravel 8, and access to the api does not work in production.
Everything was working normally and since reinstalling the vps (on apache) it doesn't work anymore.
I don't know if it's apache or laravel.
Related
I recently added Fastly domain from addons in heroku application. And when fastly was provisioned I got a test url which is as follows:
https://felix-homes-herokuapp-com.global.ssl.fastly.net/
Whenever I click on this url it gets redirected to
https://felix-homes.herokuapp.com for some unknown reason.
Note my nodejs app uses Heroku-SSL-Redirect. Is it because of this?
I have already followed setup guide and asked multiple issues from the support
https://support.fastly.com/hc/en-us/requests/323620?page=1
And nearest question I find to SO is following
Adding Fastly to a Heroku app does not forward to proper url
Clearing browser cache or changing browser did not help me. Can you please try hitting fastly url on your computer and let me know if you are also face same redirect problem?
Yes, very likely the library (Heroku-SSL-Redirect) is the issue.
In the end, you have two separate requests. An encrypted HTTPS/SSL request from the browser. And then an unencrypted request from Fastly to Heroku.
Your node-application and the library only see the unencrypted request and return the redirect.
There are two ways to solve this:
You configure Fastly do do encrypted requests to Heroku as its backend.
Every routing / proxy layer (fastly, but also the Heroku routing layer) typically use the X-Forwarded-Proto HTTP header to tell the backend application that the initial request was already encrypted. So either heroku-ssl-redirect doesn't look at the header, or it did get lost somewhere on way.
I'm developing an app using Angular for client side and Django for server side. During development I'm running Django in port 8000 for managing all API requests, and serving my client app using Angular CLI running at port 4200.
Sending GET requests to Django work w/o problems but when I try to send a POST request that includes some cookies with session information, it fails as the cookies are not included in the header.
I know that the source of this "problem" is the CORS issue [read more here] and that it won't be a problem in production as both client and server apps will be running in the same server and port, however I wonder how can I fix this situation at least for development.
I've tried using the django-cors-headers module with the options CORS_ALLOW_CREDENTIALSand CORS_ORIGIN_ALLOW_ALL set to True but it didn't work.
Any ideas?
Finally I managed to make all work.
I thought it was a problem of Django so I installed django-cors-headers module, however the "problem" is in the browser (actually is not a problem, it is a security issue, see [here][1]).
Anyway, I solved the problem using a proxy rule for my Angular CLI, as follows:
First, instead of sending my requests to http://localhost:8000/api/..., I send them to /api/ (i.e. to my Angular server running at port 4200).
Then I added a file in my Angular project called "proxy.conf.json" with the following content:
{
"/api": {
"target": "http://localhost:8000",
"secure": false
}
}
Finally, I added the flag "--proxy-config" to the Angular CLI server:
ng serve --watch **--proxy-config proxy.conf.json**
Now, all API requests are sent to the port 4200 and Angular internally redirects them to Django, avoiding the CORS problem.
Note: With this solution I didn't need anymore the django-cors-headers module.
I have a website on www.example.com that uses AJAX to access JSON via a nodejs-API on api.example.com. (Cross-domain!) I need the PUT and DELETE as HTTP-methods, thats why I can't use jsonp, i looked up how CORS works, and implemented that via the Access-Control-Allow-Origin headers.
When i work on my local environment (www.example.dev and api.example.dev) my setup works. My API return the correct headers (Access-Control-Allow-Origin) and I succeed in doing cross domain requests.
When I deploy online, my setup doesn't work anymore, because the headers get blocked by the company watchguard firewall. I could ask to allow my public API, but i'm afraid someone else will have the same issues in his or her restricted environment.
Is there any other way to solve this?
For those interested: I use easyXDM for cross domain messaging. That solved my problem. http://easyxdm.net/wp/
I am currently using Django 1.2. I am trying to send an ajax request to my Django site from our newly established drupal installation. I am able to send the request no problem from one view to another on my DJANGO site but I am unable to send a request from my local machine. I continue to get an error, I assume there is a CSRF verification issue. Does anyone know how I may resolve this issue.
-Greg
Not so recommended but quickest:
You can easily disable csrf protection for certain django views using csrf_exempt decorator. You can find more info in django docs
this might be also more justified if you run your app in 'trusted environment'.
Please mind that this causes some security problems. If you decide to use csrf_exempt you can think of some additional verifications (eg. you can allow requests on some view for some limited set of IPs or something else).
When I am calling a REST service through AJAX, its working fine. I am calling it with the URL staring with HTTP e.g.: http://www.myserver.com/customers. Its works really great.
But when I am calling a same URL but with HTTPs e.g.: https://www.myserver.com/customers,
I am not getting any response from server.
Its not working for GET or POST both.
Its not working in Mac firefox, actually I am developing an application for iPhone using phonegap framework.
Its also not working in iPhone simulator's mobile safari.
Can anyone here know what problem is this? And how to solve this?
The requesting domain must match the requested domain down to the protocol, according to the Same Origin Policy
It could probably be because of same origin policy. read
http://en.wikipedia.org/wiki/Same_origin_policy