I was trying to authenticate in our Tableau Server via HTTPS. I enabled the cors in our server and add our host to the allow origin by following this documentation: https://help.tableau.com/current/api/rest_api/en-us/REST/rest_api_concepts_fundamentals.htm#enabling-cors-on-tableau-server-for-the-rest-api
After restarting the server we're still facing some CORS issue when making a POST API.
Here is the screenshot of the response headers below in the actual request:
Here is the screenshot of the response headers below in Pre Flight request:
Is it something related to Web browser / Frontend? Or I'm missing some extra configuration in Tableau server?
We're using React.js in our client that is deployed in S3 Bucket with a nginx proxy server on top of it hosted in an EC2.
Any help would be appreciated. Thanks
Related
I hope you people are doing well. I have the CORS error in my AWS API gateway. I have some backend services that locate in the EKS cluster. I made one VPC link with my internal NLB. I have some Swagger definitions for my backend services, I import them in my AWS API gateway and enable the cors for all my endpoints. So, it's working fine and I can easily access my backend resources without any cors issues in postman. but when the same API I try to connect with my frontend react application, it gives the CORS error. I got a positive prelight response with code 200. Below is the error I got while accessing the resource.
Access to fetch at
'https://5yl423946k5.execute-api.ap-south-1.amazonaws.com/mobile-api/getAvailableSubscriptions'
from origin
'http://a40ee71e46345234aa068fabdfbbbfc8-658183s33c9cd7f2.elb.ap-south-1.amazonaws.com'
has been blocked by CORS policy: Request header field
access-control-allow-origin is not allowed by
Access-Control-Allow-Headers in preflight response.
If you need some extra information please feel free to ask :)
I have a https frontend which is making requests to the backend. After adding ssl certificate my requests are getting blocked. I cannot make my backend api https. What should i do?
FYI:
The frontend server is react, the backend is express and i am running nginx.
In order to make https requests to the backend server, i just set it as a subdomain and it all worked.
I am facing problem when I call an api end point url from a https page. I have hosted my front-end code in aws s3 bucket and a third party ssl certificate is deployed .so my react code is served over https. And my back-end is deployed inside a single instance application of elastic bean stalk. while I am trying to call my back-end url from my front-end application, it is throwing the below error.
Mixed Content: The page at '' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ''. This request has been blocked; the content must be served over HTTPS.
Can anyone help me to resolve this issue.
Thanks.
You need to setup your ELB (AWS Elastic Beanstalk) application to use SSL/HTTPS
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https.html
You can set this up with Route53 and AWS Certificate Manager (ACM).
In an effort to move a web platform to HTTPS, I ran into a problem. Here is the setup that I am using:
Python Flask-based http server is served by gunicorn
Nginx directs SSL-encrypted HTTPS traffic to the http server
The http server serves a ReactJS page
Independent Python Flask-based API server is served by gunicorn
Now I am making PUT and GET requests from the ReactJS page into the API server. Because the ReactJS page is proxied via HTTPS, of course any request is fully encrypted. Thus, the API server receives encrypted requests.
My question is, how can I query an API server from within an HTTPS ReactJS page?
If I got it right question is "how to override browser security that blocks me from sending requests by http:// from within page hosted at https://".
The answer is: no way to do that.
If it is not possible to enable SSL for API server you may use your own server act as secure proxy. So finally it'd look like ReactJS -> HTTPS -> your server -> HTTP -> API server
UPD similar case sending request from https to http from chrome extension (spoiler: no workarounds available)
I am dealing with a third party REST API server which uses Basic Authentication. We don't have control over that server and in case of a 401 chrome pops up a dialog for username and password which is essentially because of the WWW-Authenticate header which is present in the response in case of a 401. We have a reverse proxy setup on Azure through which all the requests are being made to the API server. I am wondering if there is a way we can suppress/remove the WWW-Authenticate header in the reverse proxy IIS webconfig somehow. Or is there any other way to suppress this dialog without the help from the API server itself. The front-end is an Angular application. Thanks in Advance!
Update: We are able to achieve the same in our local dev environment where we are using nginx by just adding proxy_hide_header WWW-Authenticate; to the server.conf file. Does IIS has something similar that can be used to strip that header from the response?