XMLHttpRequest cannot load No 'Access-Control-Allow-Origin' header is present on the requested resource
you are trying to add duplicated custom header entry, try to define your custom headers like this:
<customHeaders>
<remove name="Access-Control-Allow-Origin" />
<add name="Access-Control-Allow-Origin" value="*"/>
Related
I'm using a asp.net webapp which uses system.webServer in web.config and have a list of user accounts as roles.
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" roles="MOON\USER1" />
<add accessType="Allow" roles="MARS\USER2" />
</authorization>
</security>
</system.webServer>
and to achieve this authorization in asp.net core i tried to use different approaches and none seems working. What is the right and best way in asp.net core to implement authorization of web app to load for restricted users.
I don't know if you managed to find the solution to your issue but the first problem in that config file is that the auth rules are matched in order. All your requests are matching the deny first and you never get to evaluate the access for USER1 and USER2.
my site is a static site and I serve the content from a IIS 8 web server. I used to use Apache and I have the following configuration for cache busting, which I'd like to implement in IIS:
# Extend cache expiry for fingerprinted URLs
RewriteCond %{QUERY_STRING} ^[0-9a-fA-F]{8,}$
RewriteRule ^ - [E=revved:1]
And then I set Cache-Control based on whether the environment variable "revved" is set:
# (For HTTP/1.1 clients)
Header set Cache-Control "max-age=1200" env=!revved
Header set Cache-Control "max-age=31536000" env=revved
My JS and CSS is bundled and I attach the hash to the query string. I do the same for images.
So far what I have been available to do is use the <clientCache /> element and attach cacheControlMode="UseMaxAge and cacheControlMaxAge="00:20:00" to it.
What you can see in the Apache config is that when the "revved" variable is set then the proxy server (CDN) and the client should cache the files for 365 days. Otherwise, it should only cache for 20 minutes. I'd like to have the same behaviour in my web.config.
I read about "Output Caching" in IIS, but from what I understand that is designed for dynamic pages using PHP or ASP.
I would be very grateful, if someone can guide me in the right direction.
I believe that I came up with a solution that is working. I got some hints from this post on MSDN "Change or modify a Response Header value using URL Rewrite".
<outboundRules>
<rule name="ChangeCacheControlHeaderOneYear">
<match serverVariable="RESPONSE_CacheControl" />
<conditions>
<add input="{QUERY_STRING}" pattern="^[0-9a-fA-F]{8,}$" />
</conditions>
<action type="Rewrite" value="max-age=31536000" />
</rule>
<rule name="ChangeCacheControlHeader20Minutes">
<match serverVariable="RESPONSE_CacheControl" />
<conditions>
<add input="{QUERY_STRING}" pattern="^[0-9a-fA-F]{8,}$" negate="true" />
</conditions>
<action type="Rewrite" value="max-age=1200" />
</rule>
</outboundRules>
i simply need to load a cross-domain asp.net page using jQuery's load() function, but this page can trigger a redirect (i have access to both Server and Client pages).
The loaded page is an asp.net page and i use from server:
Response.Redirect("http://www.google.it")
but chrome cancels the redirect request. I already googled a lot about this and lot of people say "use CORS", i can't because cors are not supported on IE7 and i need to support that browser.
I tried with Custom Headers but seems like i can't read those from a cross domain, even if the server have this in web.config:
<customHeaders>
<add name="Access-Control-Allow-Headers" value="*" />
<add name="Access-Control-Allow-Origin" value="http://10.0.0.158" />
<add name="Access-Control-Allow-Methods" value="*" />
<add name="Access-Control-Allow-Credentials" value="true" />
<add name="Access-Control-Expose-Headers" value="*"/>
</customHeaders>
Yes, http://10.0.0.158 is my local "client page" ip.
After some googling i read about easyXDM libraries but i'm still not sure they can do the trick. Can i use those? How? Have i other alternatives?
Ps: i get the header with this:
jQuery('body').bind('ajaxSuccess',function(event,request,settings){
console.log("ajaxSuccess triggered: "+request.getAllResponseHeaders());
});
and it writes only this:
Content-Type: text/html; charset=utf-8
Cache-Control: private
with fiddler the header is a lot bigger with all my custom headers.
I'm using Tererik:RadEditor in asp.net. When I click ImageManger it is shown totally broken. I have not applied any CSS to the page or any control.
How to resolve this issue?
Hi this issue comes because of some missing handlers. Please add the following to your handlers in Web.config file to fix the above issue.
<httpHandlers>
<add verb="*" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource, Telerik.Web.UI" validate="false" />
<add verb="*" path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler, Telerik.Web.UI" validate="false" />
</httpHandlers>
<system.webServer>
<handlers>
<add name="Telerik_Web_UI_DialogHandler_aspx" path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" preCondition="integratedMode"/>
</handlers>
</system.webServer>
This should fix the issue.
This happens exactly because you didn't apply Telerik Css file to your control.
To fix this, you need to add css file for editor control to your page. you can do it in markup or design mode by selecting skin.
If you're going to inspect your code, you should see 404 errors. Do you see them?
I am preparing to demo Lightswitch to a group of about 100 software developers in a couple weeks and
have run into a snag.
I have a VS2012 solution with two projects:
Lightswitch - simple data model and ApplicationData.svc
Web - contains a web page that attempts to communicate with the ApplicationData.svc using JQuery Ajax
My problem is when I try to run the solution and execute the AJAX command, I get the following error:
XMLHttpRequest cannot load http://localhost:37650/ApplicationData.svc/MyEntities. Origin
http://localhost:53408 is not allowed by Access-Control-Allow-Origin.
After googling around for a while, I found this advice, which looked promising:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
</system.webServer>
But it did not resolve the issue. Any ideas?
Thanks!
You may need to add:
headers: { "If-Match": " *" }
see:
A Full CRUD DataJs and KnockoutJs LightSwitch Example Using Only An .Html Page
http://lightswitchhelpwebsite.com/Blog/tabid/61/EntryId/128/A-Full-CRUD-DataJs-and-KnockoutJs-LightSwitch-Example-Using-Only-An-Html-Page.aspx
I solved the same problem with this:
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Max-Age" value="3600" />
<add name="Access-Control-Allow-Headers" value="Content-Type, Accept, MaxDataServiceVersion" />
<add name="Access-Control-Allow-Methods" value="PUT, POST, GET, DELETE, MERGE, OPTIONS" />
</customHeaders>
</httpProtocol>
I've been running into the same issue, only mine is that I am creating a HTML5 JQuery Mobile application that is NOT a web application. The app is JQuery based app that I am going to run through PhoneGap. My issue is that when I make the calls from the mobile app, I get the same cross domain issues.
What browser are you using to test? I am doing Chrome and I get the issue because of the initial Options request (see http://www.w3.org/TR/cors/ ). I've tried a bunch of possible solutions, like updating config files and so on, but to no avail.
My next kick at the cat will be to intercept the initial Options request by creating an IHttpHandler that I can apply as an attribute to the WCF service I am using (did I mention that I created custom WCF services within the Server project in the LightSwitch solution?).
I'll keep you posted...
Paul