This issue is driving me a little nuts. I'm trying to upload files via AJAX POST to an S3 bucket.
I have all the credentials correct because when I do normal HTTP POSTs it creates the resource in the S3 bucket just fine. But I would really like to upload multiple file at once with progress bars, hence I need AJAX.
I have CORS setup on my S3 bucket:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>http://localhost:3000</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
Right now I'm just trying to get it working in my development environment (localhost:3000, using standard Rails 4.1).
From my understanding, the above CORS rule should allow AJAX requests from localhost:3000 to the S3 bucket.
However, every time I submit a file via AJAX, I get the following error:
XMLHttpRequest cannot load https://s3.amazonaws.com/<BUCKET>. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.
This doesn't make any sense to me because localhost:3000 IS granted access via the CORS rule.
I've also provided a snippet of the JS I used to submit the form:
$.ajax({
method: "POST",
crossDomain: true,
url: "https://s3.amazonaws.com/<BUCKET>",
data: $(this).serialize() # Contains S3 necessary values
})
The form has inputs for the Amazon S3 keys/etc necessary. I know they work because when I do normal HTTP POSTs it creates the asset properly in S3. All I'm trying to do is AJAXify the process.
Am I missing something obvious here?
Using: Rails 4.1, jquery-file-upload, fog gem (for S3)
you can try by changing
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>
Your question seems very similar to a problem I had, which was never properly (precisely) answered either and seemed to be an issue related to a browser limitation instead of the actual transfer technology behind it.
Here's a link to my original question and the answers I received here on SO:
Why Doesn't Microsoft Skydrive Download Multiple Files via API?
Hopefully this may offer some insight into your problem and isn't just noise.
Related
I have a protected page setup in AEM using the Authentication Requirement checkbox on the author. Then over in the OSGi I have config for my external Okta SAML config:
<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0"
xmlns:jcr="http://www.jcp.org/jcr/1.0"
jcr:primaryType="sling:OsgiConfig"
identitySyncType="default"
keyStorePassword="admin"
service.ranking="5002"
idpHttpRedirect="{Boolean}false"
createUser="{Boolean}true"
defaultRedirectUrl="/"
userIDAttribute="ssoGuid"
idpIdentifier=""
assertionConsumerServiceURL=""
defaultGroups="[everyone]"
storeSAMLResponse="{Boolean}false"
signatureMethod="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
idpCertAlias="certalias___1657659258516"
addGroupMemberships="{Boolean}true"
path="[/content/mySite]"
digestMethod="http://www.w3.org/2001/04/xmlenc#sha256"
synchronizeAttributes="[...]"
clockTolerance="60"
groupMembershipAttribute="groupMembership"
idpUrl="oktaURL"
serviceProviderEntityId="https://stage.mySite.com"
logoutUrl=""
handleLogout="{Boolean}false"
userIntermediatePath="sso"
spPrivateKeyAlias=""
useEncryption="{Boolean}false"
nameIdFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
And in my okta config, I have https://stage.mySite.com/saml_login as the SSO URL and https://stage.mySite.com as the audience restriction.
When I navigate to the requested page in AEM I get redirected to Okta, I sign in and am redirected to https://stage.mySite.com/saml_login, all of this is expected, here is where it gets weird, I then get a 301 redirect to https://stage.mySite.com/saml_login.html which then gives a 404. It seems like AEM does not have a listener setup and so does the redirect.
Any thoughts on what i might have misconfigured?
In my case, it was a dispatcher config issue (or nginx, not sure where the rewrite was done).
It was setup to append '.html' if it does not exist in the requested url. I needed to make an exception for that rule.
Can someone explain how workspace proxy works?
Whats the right configuration so I can make requests from shell (please see below)?
I have Geoserver running in a docker container and is listening in the host on port 12018.
Everything is fine accesing through the web browser.
The following URL request works on browser:
http://localhost:12018/geoserver/geonode/ows?service=WFS&version=1.0.0&request=GetFeature&typeName=my_data_name35&maxFeatures=50&outputFormat=application%2Fjson
Using typeName as geonode:my_data_name35 also works:
http://localhost:12018/geoserver/geonode/ows?service=WFS&version=1.0.0&request=GetFeature&typeName=geonode%3Amy_data_name35&maxFeatures=50&outputFormat=application%2Fjson
But from cURL, the first request returns:
<?xml version="1.0" ?>
<ServiceExceptionReport
version="1.2.0"
xmlns="http://www.opengis.net/ogc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.opengis.net/ogc http://schemas.opengis.net/wfs/1.0.0/OGC-exception.xsd">
<ServiceException code="InvalidParameterValue" locator="typeName">
Feature type :my_data_name35 unknown
</ServiceException></ServiceExceptionReport>
And also from cURL, the second request returns:
<?xml version="1.0" ?>
<ServiceExceptionReport
version="1.2.0"
xmlns="http://www.opengis.net/ogc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.opengis.net/ogc http://schemas.opengis.net/wfs/1.0.0/OGC-exception.xsd">
<ServiceException code="InvalidParameterValue" locator="typeName">
Feature type geonode:my_data_name35 unknown
</ServiceException></ServiceExceptionReport>
Any help is appreciated. Thanks!
I found the problem, very basic actually.
The resource requested needs authentication, where the browser passes the cookie.
Using cURL, also needs to pass authentication.
It does not return forbidden maybe because some resources don't need authentication.
Sorry for the noise.
I have a problem with an Azure Web App, as it does not load a .json file that is located on the server. The app is running fine until it needs to load the data from the .json file. The event is triggered by clicking a button that runs a javascript code that makes a XmlHttpRequest call.
This is the jQuery code (placed inside mvc_test.js file) that makes the request:
$(document).ready(function () {
var model = {
userLanguage: 'en-EN',
getData: function() {
return $.ajax({
url: "https://easyfabric.azurewebsites.net/js/clauses_array.json",
type: "GET",
dataType : "json", //"text"
timeout: 5000
});
}
};
I have used an absolute path to the resource, but i received the same error using a relative path.
The code above should get the data and pass it to a function that will print the data to the console.
It had worked before, but then i have changed intentionally to a wrong path for testing a modal window containing an error message. When i changed back to the correct path (yesterday) i start receiving 404 Errors. I have moved the ***.json file***in the same folder with the javascript file that makes the xhr request but does not work either. The index.html, .css and .js files, jquery and office-ui frameworks are loaded without problems.
The content of the app is deployed to the server from a github repository.
The Failed Request Tracing log in the Diagnostic section of Azure Portal gives me a warning of SECURITY_DENIED_BY_MIMEMAP and a MODULE_SET_RESPONSE_ERROR_STATUS.
Seems that some security setting on the server denies the access to the .json file. But it is strange that the .js file from the same folder is loaded ( as I have cleared the cache of my browser) and .json file is not.
Can anyone shed some light to this problems and how can be solved?
Thanks!
I had the same problem a few months ago.
I've fixed it by adding to the web.config these lines of code
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<staticContent>
<remove fileExtension=".json"/>
<mimeMap fileExtension=".json" mimeType="application/json"/>
</staticContent>
</system.webServer>
</configuration>
This essentially says to IIS to serve ALL .json files as a static file, as by default this feature is disabled.
If you don't have a web.config file you need to create it in the root folder of your website.
I hope I helped you :)
I know guys, there are tons of questions about the Amazon S3 Buckets and CORS. But please, let me add mine.
So I'm writing an application in Dart and I am performing an ajax request to a resource which is hosted on S3. I originally wanted to grab the first 100 bytes of the resource which is why I came up with the following beautiful piece of code:
HttpRequest req = new HttpRequest();
req.open('GET', item.get('upload').get('url'));
req.setRequestHeader('Range', 'bytes=0-99');
req.onReadyStateChange.where((e) => req.readyState == HttpRequest.DONE).first.then((e) {
print(req.responseText);
});
req.send();
As you may guess from the title of this question, this code didn't work and I get a
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.
This seemed pretty strange to me, since I set up a CORS which should prevent this issue...
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedHeader>*</AllowedHeader>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
</CORSRule>
</CORSConfiguration>
For whatever reasons this obviously doesn't work. I loaded the application in Firefox and voila, it's working. It seems like CORS does work and the issue is either because of Chrome or Dart.
I fiddled around a little bit and for some reasons, you may excuse me, it's pretty late here, I came up with this:
HttpRequest req = new HttpRequest();
req.open('GET', item.get('upload').get('url'));
req.setRequestHeader('Range', '0-99');
req.onReadyStateChange.where((e) => req.readyState == HttpRequest.DONE).first.then((e) {
print(req.responseText);
});
req.send();
Yea exactly, I just removed bytes= from my previous code snipped. And guess what, suddenly my ajax requests runs through and prints the full text. Wooot?! I can add a corrupted Range Header and I get over this security issue? Well, that's exactly what just happend. Of course, I got more than the first 100 bytes, but at least I got something. Since I had no explaination why a corrupted Range header make the request work, I replaced the Range header with some other random strings and none of them worked.
I know, your mind probably just got blown - so did mine! Thus I want to summarize what we just discovered.
Making a Cross-Domain ajax request in Chrome with Dart doesn't work due to security issues, although
the CORS which is setup seems to work at least for Firefox.
Chrome's security issue can be 'exploited' by adding a corrupted Range request header, but
no other header has the same effect.
Like really? I mean, I have no idea whats going on here.
Can anyone explain at least something to me? - and in case someone has an idea or solution to address the issue that I cannot get the first 100 bytes in Chrome, I would be thankful for the rest of my life.
Thank you in advance!
I finally managed to fix the bug.
No, it's neither a Chrome nor a Dart bug. It has something todo with some cache. The solution is a dirty string query hack which is simple to do:
HttpRequest req = new HttpRequest();
req.open('GET', '${item.get('upload').get('url')}?t=${new Random().nextInt(99999)}');
req.setRequestHeader('Range', '0-99');
req.onReadyStateChange.where((e) => req.readyState == HttpRequest.DONE).first.then((e) {
print(req.responseText);
});
req.send();
Adding a random number to the query will cause the cache, I don't know if it's the Amazon or Chrome cache, to do the correct thing.
I am extremely new to using phonegap,codeigniter and jQuery Mobile (My first project) and have currently created an app with jQuery Mobile on the Client side and on the Server side I used the Codeigniter framework to create a RESTful API. Now when I am developing locally the app with in the browser (not yet using phonegap) communicates just fine with the API and no problems occur.
I placed the Codeigniter API on a server yesterday and I am now encountering 2 problems:
The App which was built using jQuery Mobile keeps getting the
following error:
Origin localhost is not allowed by Access-Control-Allow-Origin.
Now I have done some reading up and most people say to use jsonp instead of json and also to use the following on the Server Side:
$CI->output->set_header("Access-Control-Allow-Origin: *");
$CI->output->set_header("Access-Control-Expose-Headers: Access-Control-Allow-Origin");
$CI->output->set_status_header(200);
$CI->output->set_content_type('application/json');
Now my problem is I'm not entirely sure which one is used to fix the problem, weather it is both that need to be implemented etc. If they need to be fixed, how is it done? Is there a place that is well documented that can teach me how to deal with this problem, preferably I would like some where to read up on so I can learn?
The second problem is when I place the jQuery Mobile app into
phonegap and build it for Android. The app fails to get the
data from the server. Now is the reason for this because of the cross
domain error above or is this problem different? I also did some
reading up in this section as well and to my Android config.xml I
added the following code:
But I'm I still can't pull anything from the server. Like I said I'm a bit of a newbie but would really appreciate some help in this matter. Also I am aware that I haven't posted code but based on the comments I'll post which ever code the community needs to help solve this problem, just simply specify which code. Thank you for the help in advance!
About the Access-Control-Allow-Origin problem, I faced the same error and solved by placing this line <?php header('Access-Control-Allow-Origin: *'); ?> in the index.php which is in the root of the project.
This question hasn't been answered 100% but for now thanks to the help of #Niloy Saha, to fix the Access-Control-Allow-Origin error with with the Codeigniter RESTful frame work simply go to your controller in the Controller folder and right at the top paste;
header('Access-Control-Allow-Origin: *');
This then should allow you to communicate from the browser to the server and be able to get a response. After a good for hours of trying I managed to fix my problem. With in the Android project in the res/xml folder there is a file called config.xml. In that file be sure to have the following code:
<access origin="http://10.0.2.2*" subdomains="true"/>
and also make sure you have the following:
<uses-permission android:name="android.permission.INTERNET" />
in your AndroidManifest.xml. For me that seemed to get everything to work
I did similar thing as yours, Zend FW with API on server and jQuery Mobile App.
I've used JSONP, didn't use any Access-Control-Allow-Origin headers.
I have a method in my controller:
function returnData($data) {
header('Content-type: text/javascript');
echo $_GET['callback']. '('. json_encode($data). ')';
die();
}
At the end of API call i use it to return data.
Getting data in jQuery:
$.ajax({
dataType: "jsonp",
url: url,
data: {someparam: 'value'},
success: function(data) { /* ur data is here */ }
});