CORS error when updating a contact in Stamplay - angularjs

When calling
JavaScript
Stamplay.Object('contact').update()
I'm getting this error:
JavaScript
PUT https://myappid.stamplayapp.com/api/cobject/v1/contact
index.html:1 XMLHttpRequest cannot load https://myappid.stamplayapp.com/api/cobject/v1/contact.
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'https://www.example.com' is therefore not allowed access.
The response had HTTP status code 404.

You need CORS support in the response of https://myappid.stamplayapp.com/api/cobject/v1/contact which means the HEADER should contain something like the following line:
Access-Control-Allow-Origin: https://www.example.com

Related

Spring Cloud Gateway - CORS Preflight with React <> Spring Cloud Gateway <> NodeJS

I am trying to setup a Cloud Gateway between React App and NodeJS application
Below is error I am getting on ReactApp:
Access to XMLHttpRequest at 'http://localhost:8080/graphql' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I am already tried below link, as much may be with newer version of Cloud Gateway it is not working.
Attempt #1:
spring.cloud.gateway.globalcors.cors-configurations.[/**].allowedOrigins=*
spring.cloud.gateway.globalcors.cors-configurations.[/**].allowedMethods=*
With this I was getting Header issue so I added:
spring.cloud.gateway.globalcors.cors-configurations.[/**].allowedHeaders=*
I am getting below error:
The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:3000, *', but only one is allowed.
Attempt #2:
I tried adding the following bean:
#Bean
Function<GatewayFilterSpec, UriSpec> brutalCorsFilters() {
return f -> f
.setResponseHeader("Access-Control-Allow-Origin", "*")
.setResponseHeader("Access-Control-Allow-Methods", "*")
.setResponseHeader("Access-Control-Expose-Headers", "*");
}
But still no luck
Repo: https://github.com/shah-smit/quizroulette-spring-cloud-api-gateway
Please check your configuration carefully, it should be your configuration that caused multiple values, refer to this
The 'Access-Control-Allow-Origin' header contains multiple values
Maybe you can debug your code and find out where 'Access-Control-Allow-Origin' becomes two values.

why blocked by CORS policy even after 'Access-Control-Allow-Origin':'*'

I have flask api(http://127.0.0.1:5000/out/) which return the json. Angular js is http://localhost:4300 also running
I have added the extension Moesif Orign & CORS Changer and switched on also 'Access-Control-Allow-Origin':'*'
Error is below
Access to XMLHttpRequest at 'http://127.0.0.1:5000/out/' from origin 'http://localhost:4300' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Already gone the link Why does my JavaScript code get a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error when Postman does not?
fix with below code
from flask_cors import CORS, cross_origin
cors = CORS(app, resources={r"/api/*": {"origins": "*"}})
#cross_origin(origin='*')

Axios failing to downloand an image from s3 due to CORS

When making Axios GET call to retrieve an image from s3 bucket it creates a preflight check using OPTIONS method. Options method response includes the Access-Controll-Allow-Origin: * header with a wild card but the subsequent GET call fails to retrieve the image.
Browser console out put:
Access to XMLHttpRequest at 'https://example.com' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Response headers from the OPTIONS call:
Response headers from the subsequent GET call:
Axios config for the GET call:
Go to bucket permission and configure cors [https://docs.aws.amazon.com/AmazonS3/latest/userguide/ManageCorsUsing.html][s3 cors documentation]

Mixed Content: The page at 'URL' was loaded over HTTPS | AngularJS

Im making an app, where I want to sent $http.get requests to duckduckgo's API but their requests are done over HTTP. Seeing my site is HTTP is get the following error:
angular.js:11756 Mixed Content:
The page at 'URL' was loaded over HTTPS,
but requested an insecure XMLHttpRequest endpoint 'http://api.duckduckgo.com/'.
This request has been blocked; the content must be served over HTTPS.
When I adding the s to my request, I obviously get the following (seeing the CORS isn't setup):
XMLHttpRequest cannot load:
https://api.duckduckgo.com/?q=Undulated%20Tinamou&format=json&pretty=1.
Response to preflight request doesn't pass access control check:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'https://URL' is therefore not allowed access. The response had HTTP status code 405.
My question: Is there any was for me to get the json and bypass one of the two stated above?
Edit1:
$http.get('https://api.duckduckgo.com/?q=' + birdname + '&format=json&callback=jsonp&pretty=1').then(function(res){
console.log(res.data);
});
I also tried the following:
$http.jsonp('https://api.duckduckgo.com/?q=' + birdname + '&format=json&callback=jsonp&pretty=1').then(function(res){
console.log(res.data);
});
With the second, I am getting the following error:
Uncaught ReferenceError: json is not defined

XMLHttpRequest cannot load in angular

I couldn't call my service which gives an error
index.html:1 XMLHttpRequest cannot load http://localhost:14652/api/Employee. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:1873' is therefore not allowed access.
What should i do?
Your browser won't let you make this request because the Access-Control-Allow-Origin (necessary for a cross-domain request) is missing in the header of whatever send your api, if you just want to make some tests you can disable it on your browser by launching it with the following flags:
google-chrome --disable-web-security --allow-file-access-from-files
But you should really read this : http://www.eriwen.com/javascript/how-to-cors/ and have cors working on your server

Resources