I am writing my first WebAPI service, to be called from a pure HTML/javascript application. I am starting visual studio first, then running my app in Safari ( it refuses to run in Chrome, and gives this exact error no matter what I do, but has been fine in Safari until now ).
Based on my other SO reading on this, I've added a header that is Access-Control-Allow-Origin with a value of *.
When I push the button in my web app, it makes an AJAX call and I can step through the debugger to see that it's calling my service fine. When it returns, it always returns an object, and the error in Safari in the console is "XMLHttpRequest cannot load (myurl). Origin file :// is not allowed by Access-Control-Allow-Origin".
Any suggestions for how to get Safari to accept the return value would be greatly appreciated. As I said, it's returning a class, which I expected WebAPI would turn in to a JSON string to return to the browser. I don't know if I'm doing something wrong here, or if something is wrong in Safari. I should mention, although I think it's obvious, I am using MVC4, ergo I am using Safari on Windows, not Mac.
Thanks
How are you currently adding the header? The problem isn't getting safari to accept the return value, your WebAPI is rejecting the request.
Here's an article on how to implement CORS in Web API v1 (MVC4). http://goo.gl/BZkrlf
If you can use MVC5/WebAPI v2, there is an easier way to enable CORS via a NuGet package (see this how-to http://goo.gl/60YkgX)
This is an issue with protocol mismatch. You cannot send a cross domain request to HTTP protocol if the request is originating from the FILE protocol. Try viewing the page using a local webserver so you can preview the page in the browser using HTTP. I have experienced this same issue - it is browser side and not a problem with your service.
You can use Microsoft.AspNet.Cors from nuget and adding
var attr = new EnableCorsAttribute("", "", "GET");
config.EnableCors(attr);
to WebApiConfig.cs
Related
Every development pipeline has 2 parts. FIRST to work hard and develop the application. SECOND to work harder and make it compatible with the great arrogant IE.
We have an AngularJS (v1.3.13) application without any server side code developed in Webstorm. We are making REST calls to service. Our application works fine on Chrome and Firefox without any Console errors. However when we try to open the page in IE11 or IE9 (not tried IE10), our page doesn't load. Console suggests we have 2 errors. One of them is Access is Denied on
xhr.open(method, url, true);
in angular.js.
There are number of posts on internet and none seems to be working. This is what I have tried.
Hosting app in IIS with changed Handler Mappings to support Cross Domain calls on an Application pool of .Net v4.0 (as suggested by a Senior)
Tried to disable to cache for HTTP requests.
Adding Domain in trusted site category and also adding locahost/IP to local intranet.
Changing request type to JSONP and trying to add Access-Control-Allow-Origin (with value of *) to headers.
Changing IE settings to allow Cross Domain calls.
Error is still chasing us. Even my colleagues have tried the same on their machines ending up with similar blow. Is there anyone to suggest me something on this.
It may be CORS and I may need to go for xdr (XDomainRequest) but not sure how to use it as error is in angular.js. I am certainly no expert on this so please suggest.
Screen shot of the error:
IE shows another error:
[$injector:nomod] Module 'ngLocale' is not available!
You either misspelled the module name or forgot to load it.
If registering a module ensure that you specify the dependencies
as the second argument.
http://errors.angularjs.org/1.2.16/$injector/nomod?p0=ngLocale which I am ignoring for now.
Please suggest me something on this.
Thanks.
I switched from 1.3.4 to 1.4.8 and that did the trick. No more Angular Access Denied in I.E. (Microsoft Edge 25 2015). I don't know why.
<script src="https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.4.8/angular.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/angular-route.js/1.4.8/angular.min.js"></script>
Access is Denied on IE11 in AngularJS error have a solution on this link
I also got the same error while downloading Image from IE11. I have just added the following line in my code and It works.
window.navigator.msSaveBlob(blob, paramDataObject.fileName);
or
window.navigator.msSaveOrOpenBlob(blob, paramDataObject.fileName);
Have you tried xdomain? https://github.com/jpillora/xdomain it's a pure javascript CORS alternative.
if (window.navigator && window.navigator.msSaveOrOpenBlob) {
window.navigator.msSaveOrOpenBlob(blob);
}
else {
var objectUrl = URL.createObjectURL(blob);
window.open(objectUrl);
}
Setting window.location or window.open in AngularJS gives "access is denied" in IE 11
I've been experimenting with the Valence javaScript client library and the 'GettingStartedSample' download from D2L.
If the sample files are uploaded, accessed and ran from within a D2L course site the script works, however, if I try to run it from a localhost I run into a problem. On localhost I can successfully authenticate the application however when I try to run a 'Get Versions' or 'WhoAmI' request nothing happens.
Firebug tells me the following:
Object { readyState=0, status=0, statusText="error" } server.js (line 77)
error server.js (line 78)
(an empty string) (line 79)
Should I be able to make a request using the javascript client library from a localhost?
The short answer is yes, but you need to do some additional work.
I would advise reading up on the same origin policy so you have some background as to why XHRs (in your case, Valence calls) between domains do not work out of the box. The easiest thing to do is to use jsonp if all you are making are GET requests. If you need to make other requests, you will need to look into getting CORS support set up on your instance.
I am getting (NS_ERROR_DOCUMENT_NOT_CACHED) error when I try to access the Javascript code through firefox.I get this error in the contents tab of HTTPFOX.
I googled and set the parameters of browser in config file as specified in this site but it still doesn't work.
http://code.google.com/p/httpfox/issues/detail?id=20
Can somebody suggest whats going wrong since the same code works fine for safari browser..
If anyone is interested in a solution to this, I believe it's to do with the plugin noscript. Disabling it fixed this, but I have yet to work out what part of noscript was causing the issue. Will update if I find out.
Edit:My issues was with a twitter auth callback. In the Advanced settings of noscript under ABE, in the SYSTEM ruleset, on the line "Accept from LOCAL" I added "*.twitter.com". This allowed callback requests from *twitter.com to return to a local address.
On my macbook I had to uninstall firefox completely to correctly get the content of an ajax response with httpfox. This also implies to remove the firefox profile bij removing this Firefox folder (I could only find it via the terminal and not via Finder):
/Users/<YOURUSER>/Library/Application Support/Firefox
Then install firefox again and install the httpfox add-on.
I tried many cache settings also by entering about:config in the firefox URL however without succes. Be aware that removing the profile settings like I describe will also remove all your personal firefox customization. It concerned firefox 18.0.2 and httpfox 0.8.11.
We used to get the same error when our JavaScript made an XMLHTTPRequest to the server. On the server side, we had java, and the java response, the content type was not explicitly set to "text/html". When that was done
resp.setContentType("text/html");
the error went away.
I get the following error in Chrome's developer tools window when I try to set a cookie using this jQuery plugin:
Uncaught Error: SECURITY_ERR: DOM Exception 18
What does this error mean and how can I fix it? I get the same error when I use this jQuery plugin.
You're most likely using this on a local file over the file:// URI scheme, which cannot have cookies set. Put it on a local server so you can use http://localhost.
I also had this issue while developping on HTML5 in local.
I had issues with images and getImageData function.
Finally, I discovered one can launch chrome with the --allow-file-access-from-file command switch, that get rid of this protection security.
The only thing is that it makes your browser less safe, and you can't have one chrome instance with the flag on and another without the flag.
You can also "fix" this by replacing the image with its inline Base64 representation:
img.src= "data:image/gif;base64,R0lGODlhCwALAIAAAAAA3pn/ZiH5BAEAAAEALAAAAAALAAsAAAIUhA+hkcuO4lmNVindo7qyrIXiGBYAOw==";
Useful, when you do not intend to publish the page on the web, but instead use it on local machines only.
Faced with the same situation playing with Javascript webworkers. Unfortunately Chrome doesn't allow to access javascript workers stored in a local file.
One kind of workaround below using a local storage is to running Chrome with --allow-file-access-from-files (with s at the end), but only one instance of Chrome is allowed, which is not too convenient for me. For this reason i'm using Chrome Canary, with file access allowed.
BTW in Firefox there is no such an issue.
This error pops up, if you try to create a web worker with data URI scheme.
var w = new Worker('data:text/javascript;charset=utf-8,onmessage%20%3D%20function()%20%7B%20postMessage(%22pong%22)%3B%20%7D'); w.postMessage('ping');
It's not allowed according to the standard: http://www.whatwg.org/specs/web-apps/current-work/multipage/workers.html#dom-worker
I had this issue when using the history API.
window.history.pushState(null, null, URL);
Even with a local server (localhost), you want to add 'http://' to your URL so that you have something similar to:
http://localhost...
I wasn't completely happy by the --allow-file-access-from-files solution, because I'm using Chrome as my primary browser, and wasn't really happy with this breach I was opening.
Now I'm using Canary ( the chrome beta version ) for my development with the flag on.
And the mere Chrome version for my real blogging : the two browser don't share the flag !
One can also receive this error if using the new (so far webkit only) notification feature before getting permission.
First run:
<!-- Get permission -->
<button onclick="webkitNotifications.requestPermission();">Enable Notifications</button>
Later run:
// Display Notification:
window.webkitNotifications.createNotification('image', 'Title', 'Body').show();
The request permission functions needs to be triggered from an event caused by the user, otherwise it won't be displayed.
I was been getting that error in mobile safari when using ASP.NET MVC to return a FileResult with the overload that returns a file with a different file name than the original. So,
return File(returnFilePath, contentType, fileName);
would give the error in mobile safari, where as
return File(returnFilePath, contentType);
would not.
I don't even remember why I thought what I was doing was a good idea. Trying to be clever I guess.
Hey everyone, I'm working on a widget for Apple's Dashboard and I've run into a problem while trying to get data from my server using jquery's ajax function. Here's my javascript code:
$.getJSON("http://example.com/getData.php?act=data",function(json) {
$("#devMessage").html(json.message)
if(json.version != version) {
$("#latestVersion").css("color","red")
}
$("#latestVersion").html(json.version)
})
And the server responds with this json:
{"message":"Hello World","version":"1.0"}
For some reason though, when I run this the fields on the widget don't change. From debugging, I've learned that the widget doesn't even make the request to the server, so it makes me think that Apple has some kind of external URL block in place. I know this can't be true though, because many widgets phone home to check for updates.
Does anyone have any ideas as to what could be wrong?
EDIT: Also, this code works perfectly fine in Safari.
As requested by Luca, here's the PHP and Javascript code that's running right now:
PHP:
echo $_GET["callback"].'({"message":"Hello World","version":"1.0"});';
Javascript:
function showBack(event)
{
var front = document.getElementById("front");
var back = document.getElementById("back");
if (window.widget) {
widget.prepareForTransition("ToBack");
}
front.style.display = "none";
back.style.display = "block";
stopTime();
if (window.widget) {
setTimeout('widget.performTransition();', 0);
}
$.getJSON('http://nakedsteve.com/data/the-button.php?callback=?',function(json) {
$("#devMessage").html(json.message)
if(json.version != version) {
$("#latestVersion").css("color","red")
}
$("#latestVersion").html(json.version)
})
}
In Dashcode click Widget Attributes then Allow Network Access make sure that option is checked. I've built something that simply refused to work, and this was the solution.
Cross-domain Ajax requests ( Using the XMLHttpRequest / ActiveX object ) are not allowed in the current standard, as per the W3C spec:
This specification does not include
the following features which are being
considered for a future version of
this specification:
Cross-site XMLHttpRequest;
However there's 1 technique of doing ajax requests cross-domain, JSONP, by including a script tag on the page, and with a little server configuration.
jQuery supports this, but instead of responding on your server with this
{"message":"Hello World","version":"1.0"}
you'll want to respond with this:
myCallback({"message":"Hello World","version":"1.0"});
myCallback must be the value in the "callback" parameter you passed in the $.getJSON() function. So if I was using PHP, this would work:
echo $_GET["callback"].'({"message":"Hello World","version":"1.0"});';
Apple has some kind of external URL block in place.
In your Info.plist you need to have the key AllowNetworkAccess set to true.
<key>allowNetworkAccess</key>
<true/>
Your code works in Safari because it is not constrained in the dashboard sever and it is not standards complient in that it DOES allow cross site AJAX. FF IS standards complient in that it DOES NOT allow cross site ajax.
If you are creating a dashboard widget, why don't you use the XMLHttpRequest Setup function in the code library of DashCode. Apple built these in so you don't need to install 3rd party JS libraries. I'm not sure about JSON support but perhaps starting here will lead you in a better direction.
So another solution is to create your own server side web service where you can control the CORS of, the users web browser can't access another site, but if you wrap that other site in your own web service (on the same domain) then it does not cause an issue.
Interesting that it works in Safari. As far as I know to do x-domain ajax requests you need to use the jsonp dataType.
http://docs.jquery.com/Ajax/jQuery.getJSON
http://bob.pythonmac.org/archives/2005/12/05/remote-json-jsonp/
Basically you need to add callback=? to your query string and jquery will automatically replace it with the correct method eg:
$.getJSON("http://example.com/getData.php?act=data&callback=?",function(){ ... });
EDIT: put the callback=? bit at the end of the query string just to be safe.