How to handle CORS error in Angular JS . - angularjs

How to handle CORS error in Angular JS . I used CORS tool in chrome and fixed the issue, Any chance to handle it in frontend without using CORS tool . I don't want to make any change in backend.
enter image description here

CORS is a built-in browser security feature. Modern browsers use CORS to determine whether they have been given access to access a certain resource.
Turning it off is a hack. Using a CORS tool in chrome isn't fixing the issue at all, it's monkey-patching it so that it works on your development machine.
You'll have to read up on how to configure CORS on the server side. For a safe application CORS is not optional, and it is in your company's interests to implement it, but unfortunately it's beyond the scope of the question for me to tell you how to do that here.
Alternatively, you could configure your application and your backend to work with JSONP, CORS's older cousin. CORS is generally preferred to JSONP because JSONP only supports GET requests, but it may be easier to set up in your circumstance.

Related

CORS Error, Allow Origin from Google Developer Console Google Place API

I am using Place API from google, But getting error CORS
I am using fetch javascript API
React JS
I think it's a duplicate question and you can find complete answers in this StackOverflow post
also, you can read about cors error here, in a simple explanation, Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources.
Basically, this is a configuration to web server API and you should fix the problem there, but there is something you can try out for the front-end development local environment you can use this extension if you are using chrome and this for firefox, they simply add some headers to requests and responses to pass cors error. there are some other solutions to this you can find in the post I mentioned above

With Identity Aware Proxy, is it possible to make a cross origin request to another GAE "service" in the same GCP project with a different hostname?

The setup:
Service A (frontend): GAE serving static site, all calls made from A are happening on client side.
Service B (api): GAE instance hosting REST API.
Without Identity Aware Proxy, I am able to make requests from the clientside of the frontend to the api on a different hostname by setting CORS to allow calls from the service A hostname.
I would like to be able to do the same thing while both services are behind Identity Aware Proxy.
Following the instructions in IAP docs I have:
Set my app to respond the OPTIONS requests
Changed the setting access_settings.cors_settings.allow_http_options to true using gcloud CLI.
Here is the error I'm facing:
Access to XMLHttpRequest at 'https://api-dot-my-app-dev.appspot.com/api/123' from origin 'https://frontend-dot-my-app-dev.appspot.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
When I make the same requests from localhost to localhost or from service A (client side) to localhost api the requests succeed.
This leads me to believe that the issue is related to Identity Aware Proxy. My only guess is that it's related to the preflight request, which I don't see anything about in the network requests in the browser console.
I would really like to be able to keep both apps behind IAP with their own hostnames while still communicating. Unfortunately, I have about exhausted ideas for how to do this.
In the meantime I have it working using alternative #2 below for now.
Alternatives:
Have the API serve the static site so they are on the same hostname
Use dispatch.yaml to serve both sites from the same hostname
Any ideas if this is possible or what might be going wrong?
Edit: Here is a repo to demonstrate my problem.
Edit 2: According to this article, this functionality used to work and Google said it would be a good idea to support it but offered not timeline.
Not sure if that can be applied on your use case but I have seen this kind of issue being resolved by allowing CORS preflight request to be passed through IAP by changing the access_settings.cors_settings.allow_http_options to true.

Fetch API cannot load https://login.live.com/oauth20_authorize.srf?client_id=...

I am running into an issue with my Reactjs app that interfaces with Web API 2 deployed to Azure with Microsoft Authentication where my initial GET request throws an error that says:
Fetch API cannot load https://login.live.com/oauth20_authorize.srf?
client_id=[...]&redirect_uri=[MY_REDIRECT_URL].
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin '[MY_AZURE_SITE]' is therefore not allowed access. If an opaque response serves
your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
I am really new to Azure and using React so I am unsure where i went wrong here. The weird part about this issue is that if I turn of Microsoft Authentication for my app it works as expected.
I have been stuck on this issue for a little while now, and am not really sure where I am going wrong. I also am not sure what information would be useful to help troubleshooting this issue so please feel free to comment asking for code/information and I will to update my question.
You are trying to get content from a different URL then your site originally host.
For security reasons APIs set some rules for requests. To be able to make requests you need to set up CORS. There for you need to set up appropriate headers for your requests.
You can read more about CORS here
A resource makes a cross-origin HTTP request when it requests a
resource from a different domain, protocol, or port to its own. For
example, an HTML page served from http://domain-a.com makes an
src request for http://domain-b.com/image.jpg. Many pages on the web
today load resources like CSS stylesheets, images, and scripts from
separate domains.
For security reasons, browsers restrict cross-origin HTTP requests
initiated from within scripts. For example, XMLHttpRequest and Fetch
follow the same-origin policy. So, a web application using
XMLHttpRequest or Fetch could only make HTTP requests to its own
domain. To improve web applications, developers asked browser vendors
to allow cross-domain requests.

IONIC | SOAP based web-service | exception: 'Access-Control-Allow-Origin' missing

I am developing mobile application using IONIC framework and I want to access SOAP based web-service, i have found this TUTORIAL.
I am accessing publicly deployed soap based web-service. I have tested the mentioned SOAP based web-service in SOAP-UI and i am able to access the web-service, but when i am accessing the same web-service from ionic framework, it throws an exception:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://www.webservicex.net/globalweather.asmx?wsdl. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
Can anyone let me know whats the issue?
CORS is something that is enabled on the server. you have to make sure that the headers that are sent by the queried server have
Access-Control-Allow-Origin *;
Once that is done, the issue should be resolved. The XML request is being blocked in your case, because these headers are not present in the server response.
More info can be found here, http://www.w3.org/wiki/CORS_Enabled
BUT
For development purpose you can try to use chrome extension as workaround in your development phase.
try it:
https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi
NOTE: In Production you should enable it on your server side.
But during development, you can try plug-in to disable security.
It might be the whitelisting problem. Install ionic whitelist plugin via this command:
ionic plugin add https://github.com/apache/cordova-plugin-whitelist.git
Try whitelisting all network traffic via in your 'config.xml':
<allow-navigation href="*" />
Thou , this practice of is usually not recommended.
More info here: http://docs.ionic.io/docs/cordova-whitelist

Multiple cross-domain resources end-point in AngularJS

Here is my scenario:
I am going to build a AngularJS webapp which requires to interact with multiple cross-domain server. There are two approaches:
Make all the requests from client side - From my understanding AngularJS enable us to build a rich client and make REST call to server to obtain data. However for this approach I have to handle CORS issue.
Moving those call to server side (Node.js) - Node.js makes all the calls to cross-domain server. It exposes REST API for AngularJS to request Node.js to make those calls.
Which approach is suitable for my scenario? Are there any criteria that can guide me to use which approach?
Those cross-domain resources are not maintained by me. I have no way to control their ways to provide resources. Also at least one of the resources does not support CORS. At this moment I config a proxy to handle those call.
When it comes to interacting with cross domain, you options are using either CORS or JSONP if supported by target server.
In case not the only viable option is to proxy the request through your own server.
You can make everything proxy through your server but that would require effort and time to implement.
I don't see any harm in doing the normal CORS or JSONP way for server that support it and use the proxy approach when the underlying infrastructure does not support it.

Resources