I have protected my Couchdb database for access with a username. The access via curl https://user:password#url:port/dbname works fine. If I put this in the browser via url or using Javascript with CouchJS it works not (Error 401). I have enabled CORS in the CouchDB-config.
Can anyone help me, please.
If pasting the same URL you used with curl into the address bar of your browser doesn't work, then you may have a different problem. However, if you're just having trouble making AJAX requests against a CouchDB (which has CORS enabled) you probably need to set the Authorization header. See the answers to this question: How to use Basic Auth with jQuery and AJAX?
Related
This is a research question I've been hitting my head on for a while now. I'm not sure if it's possible but it seems like it should be.
How do I make var token that was defined in them.com's javascript to be visible to us.com's javascript WITHOUT sending information to any of the two servers?
The goal is to save information in the browser to be accessible cross-domain? localStorage, sessionStorage are domain-locked. And set-cookie make it visible to the server... So I cannot use those.
You could give CORS Anywhere a shot.
https://cors-anywhere.herokuapp.com/
CORS Anywhere is a NodeJS proxy which adds CORS headers to the proxied request.
Basically, you can prefix the request URL with https://cors-anywhere.herokuapp.com/.
For example:
fetch('https://cors-anywhere.herokuapp.com/http://your-req-url.com/some-endpoint')
You can also host it yourself. Further reading: https://github.com/Rob--W/cors-anywhere/
I have an online form to collect user's information.
In this form, I would like to make a call to NetSuite to get data.
I built a call to RESTlet with 'Authorization' on header, test this script by using postman and it works correctly
However when I do same thing on Online form (client script, call https.get() to RESTlet with valid header contain 'Authorization') It's return error "error code: INVALID_LOGIN_ATTEMPT" (none-sense error). I take 2 days to research why it's happening and found the issue is cross domain (i tried to call to RESTlet by using $.ajax and find issue).
Now, I would like to know how to pass "cross domain" issue while calling from online form.
What is best solution to call to NetSuite to get data from online form?
Thanks
Even if you were able to get around the CORS restriction, if call a Restlet from client side code that is a massive security problem because you are exposing your authorization token to end users.
A good approach is to "proxy" your Restlet using middleware such as a serverless function (like a Google Cloud Function, AWS Lambda etc.). This will solve both the CORS issue and keeping your credentials secure.
I am trying to create a drag and drop interface for my website that integrates with Imgur. The problem is that I am trying to use ajax with cookies. I have gotten it to work without signing in, but I need the pictures to be under my account. In theory my code should work, but in practice for some reason the ajax requests/cookies aren't working. What am I doing wrong? Thanks :D
My code: http://jsfiddle.net/msm595/9arFd/
My username and password aren't in there (although i was testing with a dummy account anyway).
https://developer.mozilla.org/en/http_access_control#Requests_with_credentials
You are using cross domain plus credentials. Then the server has to response with:
Access-Control-Allow-Origin: http://jsfiddle.net/msm595/9arFd/
and not with:
Access-Control-Allow-Origin:*
Wildcards are not allowed in this case.
You may want to test with Chrome, it shows both headers and gave me this message:
XMLHttpRequest cannot load http://api.imgur.com/2/signin. Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.`
That's all I can say, imgur has to explicitly allow your JS solution. You may need a piece of code running on server's side not having cross domain issues.
I have some Pre built script that makes some ajax request to one website. And it's working fine. But I am not able to make request to there some domains.
My working Process:-
1) I have pre built script on http://www.Test.com/a.js now i am calling this js in this domain http://www.test1.com by pasting the code to URL and it's working fine.
2) Now When I want to call one page from This http://hello.test1.com/as.php but it's showing some errors. How could i make request to subdomain page from main domain page.
Please let me know how can i do this.
Thanks in advance.
Your various options for cross-domain requests are:
The new Cross-Origin Resource Sharing (CORS) standard, if the browsers your users use support it and the server has support for it. Note that a lot of general web users still have browsers that don't support it.
JSON-P ("JSON with padding"), which is basically a dynamically-added script element
Using YQL (Yahoo Query Language) as a cross-domain proxy
There are several work arounds for cross domain scripting restrictions. easyXDM seems to do what you want.
You can use php curl to do the cross domain request using ajax. An ajax request will call php curl page which in turn will call cross domain with url specified in php curl page and return back the response .
I have implemented same and it works fine. Hope this helps Thanks.
I'm trying to write a plugin to use Meebo in Google Chrome, but the problem is that XMLHttpRequests from other servers than www.meebo.com are not allowed. If I type "https://www.meebo.com/mcmd/start.cgi?type=mobile&allowIPChange=true" into addressbar there is no problem and I get back the JSON data, but I want to use it in my script, so is there any solution to get the data returned from the meebo servers and use it in my script?
Thanks for help!
Not without using a server unless meebo has implemented CORS or JSONP
Alternatively turn off (bad idea) web security in Chrome: Cross-domain AJAX calls in Safari and Chrome