Cross-Domain redirect after ajax request - ajax

I simply need to load a cross-domain ASP.NET page using jQuery's load() function, but this page can trigger a redirect (I have access to both the server and client pages).
The loaded page is an ASP.NET page and on the server I use:
Response.Redirect("http://www.google.it")
but Chrome cancels the redirect request. I already googled a lot about this and a lot of people say "use CORS", but I can't because CORS is not supported on IE7 and I need to support that browser.
I tried custom headers, but it seems I can't read those from a cross domain, even if the server has this in web.config:
<customHeaders>
<add name="Access-Control-Allow-Headers" value="*" />
<add name="Access-Control-Allow-Origin" value="http://10.0.0.158" />
<add name="Access-Control-Allow-Methods" value="*" />
<add name="Access-Control-Allow-Credentials" value="true" />
<add name="Access-Control-Expose-Headers" value="*"/>
</customHeaders>
Yes, http://10.0.0.158 is my local "client page" ip.
After some googling I read about the easyXDM libraries, but I'm still not sure they can do the trick. Can I use those? How? Do I have other alternatives?
PS: I get the headers with this:
jQuery('body').bind('ajaxSuccess',function(event,request,settings){
console.log("ajaxSuccess triggered: "+request.getAllResponseHeaders());
});
and it writes only this:
Content-Type: text/html; charset=utf-8
Cache-Control: private
With Fiddler the header is a lot bigger, with all my custom headers.
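Under the Fetch standard, the `*` values in a block like the one in this question are not treated as wildcards on requests that carry credentials. The following is an added example, not code from the original post: it audits such a `<customHeaders>` block and computes which response headers a cross-origin script can read. The function names and the `X-Redirect-Target` header used in its test are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed input: the <customHeaders> block from the question above.
SAMPLE = """<customHeaders>
<add name="Access-Control-Allow-Headers" value="*" />
<add name="Access-Control-Allow-Origin" value="http://10.0.0.158" />
<add name="Access-Control-Allow-Methods" value="*" />
<add name="Access-Control-Allow-Credentials" value="true" />
<add name="Access-Control-Expose-Headers" value="*"/>
</customHeaders>"""

# Response headers a cross-origin caller may always read (Fetch standard).
SAFELISTED = {"cache-control", "content-language", "content-length",
              "content-type", "expires", "last-modified", "pragma"}
NEVER_READABLE = {"set-cookie", "set-cookie2"}
WILDCARD_CAPABLE = ("access-control-allow-headers",
                    "access-control-allow-methods",
                    "access-control-expose-headers")

def cors_headers(config_xml):
    """Collect Access-Control-* entries from every <customHeaders> element."""
    found = {}
    for block in ET.fromstring(config_xml).iter("customHeaders"):
        for add in block.findall("add"):
            name = add.get("name", "").lower()
            if name.startswith("access-control-"):
                found[name] = add.get("value", "").strip()
    return found

def audit(headers):
    """Flag '*' values that browsers do not honour on credentialed requests."""
    creds = headers.get("access-control-allow-credentials", "").lower() == "true"
    findings = []
    if headers.get("access-control-allow-origin") == "*":
        findings.append("allow-origin '*': " + ("credentialed requests fail"
                        if creds else "any origin may read responses"))
    if creds:
        findings += [name + " '*': literal name on credentialed requests"
                     for name in WILDCARD_CAPABLE if headers.get(name) == "*"]
    return findings

def readable_by_script(headers, response_names, credentialed):
    """Response header names script can read on a cross-origin response."""
    exposed = {h.strip().lower() for h in
               headers.get("access-control-expose-headers", "").split(",")}
    names = {n.lower() for n in response_names} - NEVER_READABLE
    if "*" in exposed and not credentialed:
        return sorted(names)
    return sorted(names & (SAFELISTED | exposed))
```

Listing the custom header names explicitly in Access-Control-Expose-Headers gives the same result for credentialed and non-credentialed requests.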

Related

Cache busting in IIS using query string for static content

My site is a static site and I serve the content from an IIS 8 web server. I used to use Apache and I have the following configuration for cache busting, which I'd like to implement in IIS:
# Extend cache expiry for fingerprinted URLs
RewriteCond %{QUERY_STRING} ^[0-9a-fA-F]{8,}$
RewriteRule ^ - [E=revved:1]
And then I set Cache-Control based on whether the environment variable "revved" is set:
# (For HTTP/1.1 clients)
Header set Cache-Control "max-age=1200" env=!revved
Header set Cache-Control "max-age=31536000" env=revved
My JS and CSS is bundled and I attach the hash to the query string. I do the same for images.
So far what I have been able to do is use the <clientCache /> element and attach cacheControlMode="UseMaxAge" and cacheControlMaxAge="00:20:00" to it.
What you can see in the Apache config is that when the "revved" variable is set then the proxy server (CDN) and the client should cache the files for 365 days. Otherwise, it should only cache for 20 minutes. I'd like to have the same behaviour in my web.config.
I read about "Output Caching" in IIS, but from what I understand that is designed for dynamic pages using PHP or ASP.
I would be very grateful, if someone can guide me in the right direction.
I believe that I came up with a solution that is working. I got some hints from this post on MSDN "Change or modify a Response Header value using URL Rewrite".
<outboundRules>
<!-- URL Rewrite addresses a response header as RESPONSE_ plus the header name with dashes replaced by underscores -->
<rule name="ChangeCacheControlHeaderOneYear">
<match serverVariable="RESPONSE_Cache_Control" />
<conditions>
<add input="{QUERY_STRING}" pattern="^[0-9a-fA-F]{8,}$" />
</conditions>
<action type="Rewrite" value="max-age=31536000" />
</rule>
<rule name="ChangeCacheControlHeader20Minutes">
<match serverVariable="RESPONSE_Cache_Control" />
<conditions>
<add input="{QUERY_STRING}" pattern="^[0-9a-fA-F]{8,}$" negate="true" />
</conditions>
<action type="Rewrite" value="max-age=1200" />
</rule>
</outboundRules>

XMLHttpRequest cannot load No 'Access-Control-Allow-Origin'

XMLHttpRequest cannot load No 'Access-Control-Allow-Origin' header is present on the requested resource
You are trying to add a duplicate custom header entry; try to define your custom headers like this:
<customHeaders>
<remove name="Access-Control-Allow-Origin" />
<add name="Access-Control-Allow-Origin" value="*"/>
</customHeaders>

Lightswitch, AJAX and Access-Control-Allow-Origin

I am preparing to demo Lightswitch to a group of about 100 software developers in a couple weeks and have run into a snag.
I have a VS2012 solution with two projects:
Lightswitch - simple data model and ApplicationData.svc
Web - contains a web page that attempts to communicate with the ApplicationData.svc using JQuery Ajax
My problem is when I try to run the solution and execute the AJAX command, I get the following error:
XMLHttpRequest cannot load http://localhost:37650/ApplicationData.svc/MyEntities. Origin
http://localhost:53408 is not allowed by Access-Control-Allow-Origin.
After googling around for a while, I found this advice, which looked promising:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
</system.webServer>
But it did not resolve the issue. Any ideas?
Thanks!
You may need to add:
headers: { "If-Match": " *" }
see:
A Full CRUD DataJs and KnockoutJs LightSwitch Example Using Only An .Html Page
http://lightswitchhelpwebsite.com/Blog/tabid/61/EntryId/128/A-Full-CRUD-DataJs-and-KnockoutJs-LightSwitch-Example-Using-Only-An-Html-Page.aspx
I solved the same problem with this:
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Max-Age" value="3600" />
<add name="Access-Control-Allow-Headers" value="Content-Type, Accept, MaxDataServiceVersion" />
<add name="Access-Control-Allow-Methods" value="PUT, POST, GET, DELETE, MERGE, OPTIONS" />
</customHeaders>
</httpProtocol>
I've been running into the same issue, only mine is that I am creating an HTML5 jQuery Mobile application that is NOT a web application. The app is a jQuery-based app that I am going to run through PhoneGap. My issue is that when I make the calls from the mobile app, I get the same cross domain issues.
What browser are you using to test? I am doing Chrome and I get the issue because of the initial Options request (see http://www.w3.org/TR/cors/ ). I've tried a bunch of possible solutions, like updating config files and so on, but to no avail.
My next kick at the cat will be to intercept the initial Options request by creating an IHttpHandler that I can apply as an attribute to the WCF service I am using (did I mention that I created custom WCF services within the Server project in the LightSwitch solution?).
I'll keep you posted...
Paul
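The preflight (OPTIONS) handling discussed in this thread, modelled in Python as an added example; it is not code from the thread, from LightSwitch or from WCF. It returns the methods, headers and max-age from the web.config answer above, but echoes only allowlisted origins instead of `*`. The allowlist entry is an assumption taken from the error message in the question, and `cors_response` is a hypothetical name.

```python
# Assumed allowlist: the page origin from the error message in the question.
ALLOWED_ORIGINS = {"http://localhost:53408"}
# Methods, headers and max-age copied from the web.config answer above.
ALLOWED_METHODS = ("PUT", "POST", "GET", "DELETE", "MERGE", "OPTIONS")
ALLOWED_HEADERS = ("Content-Type", "Accept", "MaxDataServiceVersion")
MAX_AGE = "3600"

def cors_response(method, request_headers):
    """Return (status, CORS response headers) for one incoming request."""
    req = {k.lower(): v for k, v in request_headers.items()}
    origin = req.get("origin")
    if origin is None:
        return 200, {}                  # not a cross-origin browser request
    preflight = method == "OPTIONS" and "access-control-request-method" in req
    # Denied preflights get 403; a denied actual request is served without
    # Allow-Origin, so the browser refuses to hand the response to the page.
    denied = (403 if preflight else 200), {"Vary": "Origin"}
    if origin not in ALLOWED_ORIGINS:
        return denied
    # Echo the one matching origin and tell caches the answer depends on it.
    allow = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    if not preflight:
        return 200, allow
    wanted_method = req["access-control-request-method"]
    wanted_headers = {h.strip().lower() for h in
                      req.get("access-control-request-headers", "").split(",")
                      if h.strip()}
    permitted = {h.lower() for h in ALLOWED_HEADERS}
    if wanted_method not in ALLOWED_METHODS or not wanted_headers <= permitted:
        return denied
    allow["Access-Control-Allow-Methods"] = ", ".join(ALLOWED_METHODS)
    allow["Access-Control-Allow-Headers"] = ", ".join(ALLOWED_HEADERS)
    allow["Access-Control-Max-Age"] = MAX_AGE
    return 204, allow
```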

Why Do we need to change the handlers in web.config while using the telerik controls

I have a question as to why we need to add handlers to the web.config file while working with Telerik controls.
What is the significance of the following code?
<system.web>
<httpHandlers>
<add verb="GET,HEAD" path="asset.axd" validate="false" type="Telerik.Web.Mvc.WebAssetHttpHandler, Telerik.Web.Mvc" />
</httpHandlers>
</system.web>
Another question is: in the section, why do we remove the asset handler first and then immediately add it again?
<handlers>
<remove name="asset" />
<add name="asset" preCondition="integratedMode" verb="GET,HEAD" path="asset.axd" type="Telerik.Web.Mvc.WebAssetHttpHandler, Telerik.Web.Mvc" />
</handlers>
.axd files are HTTP handler files and Telerik probably use them for managing their scripts and assets such as images and stylesheets for their skins.
This handler has to be registered in the web.config so it's executed when the browser requests this file and to ensure it's directed to the appropriate HTTP handler. Telerik controls behind the scenes can then safely assume the assets are available.
If you view the generated HTML source of your application you'll probably see references to asset.axd?blah==3dfijefi. If you view the contents of this file you'll see exactly what's going on (although probably minified).
As for why they suggest removing and adding again I suspect it's to stop parent web.config files that may reference older versions etc... ? Just a safety net really.

Avoid redirect to ADFS 2.0 signin page when accessing web site

I'm developing an MVC 3 WIF application, which exchanges claims with ADFS 2.0 and AD. It works really great, but there is one problem I can't seem to get around.
What I want to do is to keep the main page (HomeController) accessible for anonymous users, and when they enter different pages, they will be redirected to ADFS-signin. I have tried to add a location in my web.config and it works when I enter http://localhost/Home manually, but not when I enter https://localhost.
<location path="Home">
<system.web>
<authorization>
<allow users="?" />
</authorization>
<httpModules>
<add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</httpModules>
</system.web>
</location>
Any suggestions on how I can work my way around this?
Using the location and authorization web.config settings is strongly discouraged since it will open up security holes in your MVC application:
http://forums.asp.net/t/1583850.aspx/1/10
Instead, you should use the [Authorize] attribute at the controller or action level to determine which users and roles should be given access.
For your issue, if you don't have [Authorize] specified, the pages should allow anonymous access.
