Response for preflight has invalid HTTP status code 404 - asp.net-web-api

This is the responce i am getting when trying to upload a file from my client(PHP),My server is on WebApi which is hosted in one server.In my webapi i have allowed all CORS related things still i am getting this error.

Have you checked this tutorial?
Maybe when you say
In my webapi i have allowed all CORS related things
you didn't do that correctly, or maybe you enabled too many options at the same time.
It's hard to give you more details without access to your actual configuration.
There are also many posts on the same subject here on SO, have you checked them?

Related

Forbidden 403 Access URL API in Laravel

Good afternoon, let me ask
I created a service API using Laravel, but one of the API urls when I sent the response parameter was 403 or Forbidden. even though before it was fine, it worked smoothly. And I raised it to the server instead it became Forbide. Anyone know why? thank you for answering
If it is ok on local and getting a forbidden error on the server, the problem might be caused by the webserver application. please take a look at this link.

Content Security Violation in Shopify

I am using Shopify and I'm making an ajax get request to a different server. I have just implemented it so I'm testing it on the console. The request is getting through and I'm getting the response I want but I am also getting the following message:
[Report Only] Refused to connect to 'https://myurl.com/ApiClientes/ciudades' because it violates the >following Content Security Policy directive: "connect-src 'self' *.shopifycloud.com .shopifysvc.com >.amazon.com *.paypal.com *.facebook.com sessions.bugsnag.com analytics.tiktok.com bat.bing.com >www.google-analytics.com ct.pinterest.com stats.g.doubleclick.net".
I would like to get rid of it. Don't know what it is or what it means. I could really use some help. Thanks in advance :)
To handle this issue, don't make direct request to third-party server instead create one url at 'https://yourdomain.com/anypath/handlereqeust?r={requestURL}' to handle all the requests from Shopify store
Then make request to Shopify app as mentioned in this link: https://shopify.dev/apps/online-store/app-proxies

Cross Domain access to USPS Address validation API

I am trying to hit USPS address validation API by AJAX call and I am getting 'Cross-Origin Request Blocked' error.
However when I am trying to access the same address though URL, I am getting the results.
Has this error something to do with approval thing?
The id I am using for this has been approved and I am able to get the result by the API through URL.
I want to access it though scripting. Please help.
Any help would be appreciated.
Thanks in advance.
I think the way you might want to do this is to have the Ajax requests go to your web server -- the same HTTP server where the page came from. And then your server-side program (in PHP, or Python or whatever you're using) relays the request to the USPS server.
Making the request browser-side, from Ajax directly to the USPS server, is just the kind of suspicious activity (called Cross-Site Scripting) that browsers are learning to block.
CORS could theoretically be one way to unblock a Cross-Origin Request, but in that scheme it would be the USPS API server that ultimately grants that permission for pages from your domain. Tech detail: by inserting an Access-Control-Allow-Origin header in response to a request with an Origin header in the Ajax back-and-forth.

Magento not sending HTTP 404, but HTTP 500 in header response but it’s incorrect

I am trying to optimise Magento for SEO. I have it included in Google Webmaster Tools, and I have noticed that there are a lot of pages that are labelled withing GWT as server errors, that is, mostly http 500 errors.
So I did some looking into it, and the URLS that google says are HTTP 500 errors, well, I dont think they are supposed to be. Reason I say this is because Magento is calling the 404.phtml template of “Whoops...."… but Google is right, the header sent is http 500.
How do I go about debugging this? Any ideas?
Many thanks for your help!
Ben
Try visiting the offending pages with a browser that can emulate Googlebot headers (e.g. Firefox with User Agent switcher). This will ensure that the site is responding with the same response that Google is seeing. Also, you will need to enable developer mode and enable error reporting, which you may want to do conditionally based on your IP - this can all be done in index.php.
Ensure that you are reviewing the server logs.

Error sending Ajax Request to Django site from non-Django site

I am currently using Django 1.2. I am trying to send an ajax request to my Django site from our newly established drupal installation. I am able to send the request no problem from one view to another on my DJANGO site but I am unable to send a request from my local machine. I continue to get an error, I assume there is a CSRF verification issue. Does anyone know how I may resolve this issue.
-Greg
Not so recommended but quickest:
You can easily disable csrf protection for certain django views using csrf_exempt decorator. You can find more info in django docs
this might be also more justified if you run your app in 'trusted environment'.
Please mind that this causes some security problems. If you decide to use csrf_exempt you can think of some additional verifications (eg. you can allow requests on some view for some limited set of IPs or something else).

Resources