I am using SPA (Laravel and Vuejs). When in development, website project worked perfect but when after running npm run production and put it on live server, I got errors saying
Access to Xmlhttprequest at http://localhost:8000/auth_check from origin https://hamariweb.com/auth_check has been blocked by Cors policy.
I have tried different solutions that fixed their problems but not mine. I want to know what is wrong with it and how can I fix it?
Sounds like somewhere in your code you're trying to send a request to http://localhost:8000/auth_check which isn't going to work in prod. You need to find the call to that URL and replace it with a call to the correct URL.
You can create an ENV setting in your .env file like this.
APP_URL=https://hamariweb.com
Then share that env file to your javascript code like this.
MIX_APP_URL="${APP_URL}"
Any ENV settings that start with MIX_ are passed to Javascript and this is passing it the initial APP URL value.
To finally grab the app url in the JS do this:
process.env.MIX_APP_URL
You can even assign the entire env settings globally like this.
if(process && process.env){
window.env = process.env;
}
Any .env MIX_ variables will be available in window.env at that point and in your SPA you'll be able to make the URL or any other variable configurable based on environment.
I am in a corporate env so I have to use a proxy to reach servers. This works well in postman and in browsers. What I can't reach is localhost in postman but I can reach localhost in the browser.
I am running Postman for Linux Version 6.0.9. I have tried reaching localhost:9082/rest/myapi.... and 127.0.0.1:9082/rest/myapi with both global proxy and system proxy turned on and with either turned on and with non turned on. In all cases I am not able to reach localhost.
What I get as an response is an error page from the proxy server! Someway the call gets out on the network instead of being kept on my machine.
The postman console:
My request headers are:
Cache-Control →no-cache
Connection →Keep-Alive
Content-Length →986
Content-Type →text/html; charset=utf-8
Pragma →no-cache
Proxy-Connection →Keep-Alive
My response headers are:
cache-control:"no-cache"
pragma:"no-cache"
content-type:"text/html; charset=utf-8"
proxy-connection:"Keep-Alive"
connection:"Keep-Alive"
content-length:"986"
My response body is an html page.
How can I make a call to localhost work with postman?
I was having similar issue with HTTP calls to local ASP.NET Core Web API apps. Changing the proxy settings didn't fix it for me.
Finally fixed it by turning off File > Settings > General > SSL Certificate Verification
I have the same issue. What works for me is:
Open File -> Settings -> Proxy
Then, enable proxy and put 127.0.0.1 : 80, if your web server runs on 80.
In the git thread, they say it is a known issue, so hopefully it will get resolved soon.
I solved this by Turning off System proxy of Postman.
Open File -> Settings -> Proxy
Then Turn off Use System Proxy
#Menuka Ishan Answer is correct. But in mac only if we change the turn off proxy won't work. You need to turn off the SSL Certificate verification also you need to disable.
I found a temporary solution:
In terminal, go to the directory where postman is installed and add:
machine#dev:~/Documents/Postman$ export NO_PROXY=localhost,127.0.0.1
machine#dev:~/Documents/Postman$ ./Postman
This will make calls to localhost work.
I found a similar problem on Windows machines here
The problem mentioned as an issue here. You should just write a simple batch file like this:
set HTTP_PROXY=
set http_proxy=
set HTTPS_PROXY=
set https_proxy=
START %LOCALAPPDATA%\Postman\Update.exe --processStart "Postman.exe"
open a simple text file, save this as a ".bat" file, and just run it!
I also faced the same issue, but the trick was I implemented both the methods that were stated earlier in the stack.
First I turned off the postman proxy as shown in below image.
Click Settings -> Proxy
And then turned off the SSL certificate verification check button.
Click Settings -> General
And then tried to hit my local server and finally it worked.
While attempting to Get https://localhost:5001/WeatherForecast via PostMan while developing a basic .NET Core (3.1) Web API (on Ubuntu Linux)
I got the error:
Could not get any response There was an error connecting to
https://localhost:5001/WeatherForecast.
I didn't notice the actual solution in the things to try at first, but if you check the highlighted text in the image you will see it.
You can see that the option is turned on in PostMan by default:
I turned the SSL Certificate Verification off and tried again and it worked.
If you are under corporate proxy and you are deploying your webapplication in localhost then no need to set proxy configuration like
http://username:password#corporateProxyServer:ServerPort in postman (Global Proxy Configuration).
As the app is deployed in local machine just use the localhost configuration in setting -> Global Proxy Configuration as :
proxy server : 127.0.0.1
port : 8300 (this is the port where the web application is running )
My problem was that i was setting an invalid Header token and it gave me the error
Error: Header name must be a valid HTTP token ["Accept "]
Warning: This request did not get sent completely and might not have all the required system headers
Just check your Headers.
Adding another potential answer to this for people to check after they've tried the other ideas here.
I was able to solve my own problem by checking the Postman console (View -> Show Postman Console) and then examining the error from the request (in my case it was because I had a newline character on an auth token).
In my case, I had to precede the localhost with https://
These steps solved this issue after 1 whole day struggle:
1) HTTP_PROXY= proxy.company.com:port
HTTPS_PROXY=proxy.company.com:port
to user variables, not to System variables. Make sure the the case is all cap.
2) Updating newtwork driver, and turning on Windows Defender......Make sure you don't see no reds in here.
I was not able to make any calls from postman to docker container running Couchbase Server. Very frustrating. Turns out I had proxy setting configured to some aws instance which has been long deleted.
Goto setting and remove the proxy setting and it worked like a charm on localhost/127.0.0.1/mac laptop eno IP addr or 0.0.0.0
In my case, I was using django-tenants and had to add the domain for the tenant in etc/hosts to get it working on localhosts. My entry for 127.0.0.1 now looks like
127.0.0.1 localhost test.localhost
My problem was forgetting to select Environment. From the drop down where you see No Environment in the image, select the name of your environment.
Menuka Ishan's solution above saved my hours of pain! I left the Global Proxy Configuration switched ON and changed the Proxy Server to 127.0.0.1. Switched OFF the Use System Proxy. I already had the entry 127.0.0.1 localhost in my hosts file under the path C:\Windows\System32\drivers\etc.
If you have active proxy in your system then make sure Global Proxy Configuration and Use System Proxy are turned off. To do this go to Postman preferences > Proxy. You can also try sending a request in postman without typing localhost (e.g. :8080/send)
i think i also found a perfect fix.
First you turn on global proxy configurations, add your local machine Ip which is 127.0.0.1,then also add localhost in the bypass.
Also turn off SSL verification.
It worked for me
This worked for me, i dissable the parrameter host in the header.
HOST Disabled
If anyone is looking for a solution to WooCommerce local install, here are the steps to make this work:
Go to Wordpress Admin > WooCommerce > Settings > Advanced
Create new API key, give it a name
Copy the Consumer Key & Consumer Secret to
your text editor
Open Postman
Create new connection Set the URL for
testing (GET) : http://mylocalsite/wp-json/wc/v3/orders (change
"mylocalsite" to yours)
Click on Authorization tab
Now here is the main change: Although in WC Rest docs, it says to use the "Basic Auth" - IT WILL NOT WORK. Since usually your localhost is HTTP
and not HTTPS. So "Basic Auth" is not relevant in our case.
You will need to change the Authorization to OAuth 1.0
Set Consumer Key & Consumer Secret respectively as it shows in Woocommerce
Click "Send" - it should work now
If still you have problems, try one by one the following:
File > Settings > Turn off SSL Verification
File > Settings > Turn off "Automatically follow redirects"
I am running a WordPress on an Azure Web app connecting to a MySQL server on a different Windows server. When loading the mentioned page in Chrome, it shows 2 popups 403 & Forbidden. Checking the console throws this error - ecbcc.js:2 POST /wp-admin/admin-ajax.php 403 (Forbidden)
This works fine on FireFox & IE but not on Chrome. Any ideas why?
This is because of your cache. Minified version of JS is causing the issue in chrome browser. Check or purge the cache and check for the permissions applied to cached files as well.
I faced the same issue but it took a long time for me to fix it. Because my solution was not caused by common things like cache, .htaccess, files permissions, etc. I apply all the possible solutions as described here. When nothing worked for me, then I talked with my hosting provider and the issue was on their side. Actually, the server has black-listed my IP.
Below is the reply from the support of my hosting provider:
After checking it, it looks like the issue is caused by trigger
ModSecurity rules.
ModSecurity is an Apache module that works as a web application
firewall. It blocks known exploits and provides protection from a
range of attacks against web applications. However, sometimes,
mod_security may incorrectly determine that a certain request is
malicious, while it is actually legitimate. In such a situation, we
can whitelist the triggered mod_security rule on the server, so that
you can bypass the block.
In order to properly investigate, we need you to share your IP address
with us. You can copy it from here: https://ip.web-hosting.com/
Looking forward to your response.
This error can appear for more than one reason. Except for the accepted answer, if you are using a shared hosting solution as a server then it would be best to contact the support of the service. Also if you use Plesk or Cpanel you can check the server logs to see if there is any false positive rule that from mod_security that catches the error. Then you can find the error that could look something like that:
ModSecurity: Warning. Match of "test file" against "REQUEST_FILENAME" required. [file "/etc/httpd/conf/modsecurity.d/rules/custom/006_i360_4_custom.conf"] [line "264"] [id "77140992"]
You can apply the ID on your firewall exclusion list (if this is provided by your hosting service) and then the server will not block the request anymore.
IMPORTANT: If you are not sure what you are doing, ask your hosting provider for support. Experimenting on live servers/sites is not the best option and I would strongly recommend avoiding it.
I was unable to run typesafe activator in cloud9 :
The activator page loads OK but then I get the following error messages :
in the browser :
"Connection lost; you will need to reload the page or restart
Activator. It's also possible that Activator is open in another tab,
which causes this error."
in the cloud9 terminal :
"! #6j9pn9913 - Internal server error, for (GET)
[/home/stream?token=cba94...64394] -> play.api.Application$$anon$1:
Execution exception[[RuntimeException: Bad CSRF token for websocket]]"
Any help on how to solve this ?
Activator listens on 127.0.0.1 and is not even supposed to be listening on an external interface; it isn't completely clear to me why you can connect to it at all.
But however that connection works, it looks like the result is that the CSRF check fails. The CSRF check is checking that the query parameter there (?token=cba94...) matches a cookie that should have been set by the Activator page load. This demonstrates that the /home/stream request (to open the websocket) is coming from a page that has the cookie, i.e. from the same domain. Perhaps Activator doesn't know the domain you are loading the page from and therefore the cookie gets lost? Just a guess.
When the CSRF check fails that would then fail the websocket and cause the "Connection lost" error, though that error can also be caused by other things (such as proxies and antivirus software) that interfere with websockets.
You could possibly fix this, or take a step towards fixing this, by configuring the http.address system property to be picked up here: https://github.com/typesafehub/activator/blob/52012321b3a5a9f9dcf53582664e385d92763718/ui/app/activator/UIMain.scala#L130
You could also try setting application.defaultCookieDomain to the domain you are using (this is a Play config option and Activator's UI is a play app).
However:
you may well find other bugs in this scenario - it is not tested or supported
it is not at all secure unless you have some kind of authenticated proxy in front of it (there's no auth on the activator UI, and the UI has buttons to view and delete files, etc).
The activator shell command line is maybe a better option when you have your project build on a headless server, though I won't say running the UI is 100% impossible - you might be able to get it to work.
I want to change the settings of firefox so as to allow it to make cross domain ajax calls. Since due to the security feature of the firefox it doen't allow ajax calls to be made. I know if it is in same domain it will allow. I have a code given bellow which in safari works fine but firefox doesn't display the results when it calls csce server then since the code is on local machine doesn't allow it and returns error. I know it will start working if I load my this code to csce server but I want to run the code from my machine. So can anyone help me in resolving this. I have spent past couple of days just searching for this solution.
Kindly suggest how to achieve this or should I go with some older version of firefox?
I googled and set the parameters of browser in config file as specified in this site but it still doesn't work.
http://code.google.com/p/httpfox/issues/detail?id=20
Maybe you could use privoxy and tell it to inject something like "Access-Control-Allow-Origin: *" in the server response.
To do this, you would have to go into the file user.filter (create it if it doesn't exist) in privoxys configuration directory and insert something like this:
SERVER-HEADER-FILTER: allow-crossdomain
s|Server: .*|Access-Control-Allow-Origin: *|
Instead of Server, you can also use any other header that's always present and you don't need.
And this into user.action:
{+server-header-filter{allow-crossdomain}}
csce.unl.edu
Note: I didn't test it.
https://developer.mozilla.org/En/HTTP_access_control
http://config.privoxy.org/user-manual/
This appears to enable XSS from file:// pages in Firefox 4, although it prompts you so might not be suitable for more than simple test pages:
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");