I have been getting a preflight error repeatedly. I have tried numerous methods and nothing works other than putting the call for the API on the same server. Locally it produces the above error.
I have tried altering the .htaccess file to allow "*", and changed other header settings in the .htaccess with no luck.
In Webpack I have tried setting them as well with no luck.
The network response I get:
The error I get:
The code I use to call the API
var attendeeRequest = {
"async": true,
"crossDomain": true,
"url": baseUrl + "attendees",
"method": "GET",
"headers": {
"api-key": apiKey,
"dm": dm,
"event-id": "",
"cache-control": "no-cache",
}
}
$.ajax(attendeeRequest).done(function(response) {
console.log(response);
});
Root .htaccess file
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
<IfModule mod_setenvif.c>
# Netscape 4.x has some problems...
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
# BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
# the above regex won't work. You can use the following
# workaround to get the desired effect:
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
# Don't compress images
SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png)$ no-gzip dont-vary
</IfModule>
<IfModule mod_headers.c>
# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</IfModule>
</IfModule>
...there is another htaccess file in the folder public_html.
Public_html .htaccess file
#system System Redirects
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?url.com$
RewriteRule !^dotcom/ /dotcom%{REQUEST_URI} [L,NC]
#RewriteRule /dotcom%{REQUEST_URI} [L,NC]
# if a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# otherwise forward it to index.php
RewriteRule . index.php
RewriteCond %{HTTP_HOST} ^docs\.url\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.docs\.url\.com$
RewriteRule ^/?$ "https\:\/\/docs\.url\.com\/" [R=301,L]
#Disable directory listing
Options -Indexes
#Set header for security
Header Set X-Content-Type-Options: "nosniff"
Header set X-Frame-Options DENY
Header set X-XSS-Protection "1; mode=block"
Header set Access-Control-Allow-Origin "*"
#Completes Cache-control and Pragma HTTP headers
<FilesMatch "\.(html|htm|js|css|php)$">
FileETag None
<ifModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</ifModule>
</FilesMatch>
Related
I am getting error: Refused to apply style from 'https://api.pickmode.pl/filament/assets/app.css?id=4c051b8ff61afd3b5499c7dff41d944d' because its MIME type ('application/json') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
I am using apache web server with laravel app and filament admin panel. On my localhost with 'php artisan serve' everything is working.
my htaccess:
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "GET,PUT,POST,DELETE"
Header set Access-Control-Allow-Headers "Content-Type, Authorization"
AddType text/css .css
RewriteCond %{REQUEST_URI} \.css(\?.*)?$ [NC]
RewriteRule .* - [T=text/css]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
RewriteCond %{REQUEST_URI} !(\.ico|\.css|\.js|\.png|\.jpg|\.gif|robots\.txt|\.eot|\.svg|\.ttf|\.woff|\.woff2|\.otf|\.pdf)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# If this https://api.pickmode.pl/filament/assets/app.css is requested, then header will be added to response
# Header set Access-Control-Allow-Origin "*"
# Header set Access-Control-Allow-Methods "GET,PUT,POST,DELETE"
# Header set Access-Control-Allow-Headers "Content-Type, Authorization"
</IfModule>
I tried to force add text/css header in .htaccess file but it did not helped.
I'm trying to call a javascript file in another directory of the same server but I'm blocked by CORS policy while my htaccess shouldn't prevent that.
I have mydomain.com pointing to /directory1/ where index.php captures all the requests:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?path=$1 [NC,L,QSA]
If I call a JS file inside /directory1/, it will send me back to index.php. That's why I have moved the js file to another directory /directory2/ and I'm simply calling that JS with:
<script src="mydomain.com/directory2/test.js" type="module"></script>
in that directory, I have a .htaccess file with the following content:
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
RewriteEngine On
RewriteCond %{ENV:HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Accessing the file directly into the browser works but accessing it from the script src doesn't work.
I have a CSP in directory1 using the following directive:
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options: "nosniff”
Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' *mydomain.com"
Header set Referrer-Policy "same-origin"
Am I missing something somewhere? I don't get a CSP error, I get a CORS error so I suppose my CSP is not the issue here.
Thanks
i've tried to use this config to my httacces file, but it doesnt work. the assets still has no encode
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteCond %{REQUEST_URI} .*\.(css|html|js)
RewriteCond %{REQUEST_FILENAME}.gz -s
RewriteRule ^(.+) $1.gz Apache for recompressing the files
RewriteRule "\.css\.gz$" "-" [T=text/css,E=no-brotli,E=no-gzip]
RewriteRule "\.html\.gz$" "-" [T=text/html,E=no-brotli,E=no-gzip]
RewriteRule "\.js\.gz$" "-" [T=application/javascript,E=no-brotli,E=no-gzip]
<FilesMatch "\.(css|html|js)\.br$">
RemoveLanguage .br
Header set Content-Encoding br
Header append Vary Accept-Encoding
</FilesMatch>
<FilesMatch "\.(css|html|js)\.gz$">
Header set Content-Encoding gzip
Header append Vary Accept-Encoding
</FilesMatch>
I'm using linux OS and apache.
I created a webapp directory inside public_html. inside public_html I have a landing page. I want to keep this landing page.
all resources can fetch as well.
but I got Page not found error.
I found out that I should send all requests to index.html file.
.htaccess file:
<ifModule mod_rewrite.c>
#######################################################################
# GENERAL #
#######################################################################
# Make apache follow sym links to files
Options +FollowSymLinks
# If somebody opens a folder, hide all files from the resulting folder list
IndexIgnore */*
#######################################################################
# REWRITING #
#######################################################################
# Enable rewriting
RewriteEngine On
# If its not HTTPS
RewriteCond %{HTTPS} off
# Comment out the RewriteCond above, and uncomment the RewriteCond below if you're using a load balancer (e.g. CloudFlare) for SSL
# RewriteCond %{HTTP:X-Forwarded-Proto} !https
# Redirect to the same URL with https://, ignoring all further rules if this one is in effect
RewriteRule ^(.*) https://%{HTTP_HOST}/$1 [R,L]
# If we get to here, it means we are on https://
# If the file with the specified name in the browser doesn't exist
RewriteCond %{REQUEST_FILENAME} !-f
# and the directory with the specified name in the browser doesn't exist
RewriteCond %{REQUEST_FILENAME} !-d
# and we are not opening the root already (otherwise we get a redirect loop)
RewriteCond %{REQUEST_FILENAME} !\/$
# Rewrite all requests to the root
RewriteRule ^(.*) /
</ifModule>
<IfModule mod_headers.c>
# Do not cache sw.js, required for offline-first updates.
<FilesMatch "sw\.js$">
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
Header set Pragma "no-cache"
</FilesMatch>
</IfModule>
but I got not found message error:
https://parsebar.com/webapp/login
I use this snippet in my .htaccess when my react app runs in a subfolder:
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.html [QSA,L]
I want get value from json which is there on server.
I get value by ajax.
I have message with error in console:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading
the remote resource at https:/web_page/filewith_json.php. (Reason:
CORS header ‘Access-Control-Allow-Origin’ missing).
My in my file .htaccess there are:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^web_page.pl$ [NC]
RewriteRule ^(.*)$ https://www.web_page.pl/$1 [R=301]
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
<FilesMatch "\.(ttf|otf|eot|woff)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
</FilesMatch>
You only allow cross origin on ttf|otf|eot|woff files, but not on php files. Try replacing FilesMatch to this:
<FilesMatch "\.(php|ttf|otf|eot|woff)$">
(or remove FilesMatch entirely)