Sails.js modified header - cross domain - angularjs

does anybody know where I can set a header in Sailsjs?
I have to set the Access-Control-Allow-Origin header that I can use my sails instance as API.
Currently I get this error if I try to send a request via $http.get in AngularJs
[Error] XMLHttpRequest cannot load http://acreasyURL.io/signin. Origin http://myhostOnMyMac.io:8000 is not allowed by Access-Control-Allow-Origin.
Any idea?
Cheers!!

Normally, you don't have to set it manually.
Sails has some CORS functionality built in:
https://github.com/balderdashy/sails-docs/blob/bc148104378f1ad590a69220c25f60fe41a59790/config.cors.md

Related

How to set X-Frame-Options header in angularjs?

I'm getting an OWASP ZAP Scanning alert:
Medium (Medium) X-Frame-Options Header Not Set
Description X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
URL https://10.11.12.13/web/network/config.html
Method GET
Parameter X-Frame-Options
To fix the alert I set HTTP headers in app.js
$httpProvider.defaults.headers.get['X-Frame-Options'] = 'DENY';
When building a project I get a TypeError
[INFO] TypeError: 'undefined' is not an object (evaluating '$httpProvider.defaults.headers.get['X-Frame-Options']='DENY'')
Am I doing something wrong? Or is there a different way of fixing the alert?
You didn't follow the syntax in the article you linked, which lists:
$httpProvider.defaults.headers.get = { 'My-Header' : 'value' }
So yours should be something like :
$httpProvider.defaults.headers.get = { 'X-Frame-Options' : 'DENY' }
As MrWook suggested that might not be the best option. You should also checkout these answers:
How do I set X-Frame-Options as response header in angularJS?
angular js load external site in iframe
$httpProvider.defaults is used to set request headers. Leaving aside your error in how you are trying to use it, X-Frame-Options is a response header.
You can't set response headers in Angular: It is a client-side application.
You need to configure your HTTP server (https://10.11.12.13) to include the header.
How you do that depends on which HTTP server software you use. This guide, for example, covers Apache HTTPD and Nginx. You'll need to find documentation for the software you are using.

Call Spring-Boot API from AngularJS

I have an API running on Spring Boot and I want to access the data using http call from AngularJS. But it is giving me the error
XMLHttpRequest cannot load http://localhost:9000/transaction-service/transaction/query?id=800103209000150247301466600013. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.
I know it has something to do with the headers but I don't know how to do it.
You have violated the same origin policy restriction to deal with this in angularjs. You have two solutions
JSON with padding (JSONP) and Cross-origin resource sharing (CORS) headers.
Let’s examine a sample JSONP request and response to see how it works in practice. First of all we need to invoke a JSONP request:
$http
.jsonp('http://angularjs.org/greet.php?callback=JSON_CALLBACK', {
params:{
name:'World'
}
}).success(function (data) {
$scope.greeting = data;
});
Or setting the appropriate CORS headers to allow you to cross domain resource sharing. If you're using Apache :
put the following into your .htaccess file:
Header set Access-Control-Allow-Origin "*"
If you don't have access to configure Apache, you can still send the header from a PHP script. It's a case of adding the following to your PHP scripts:
<?php
header("Access-Control-Allow-Origin: *");

CORS Filter Missing Angular

From my Angular client, i am invoking another application URL which will return a JSON object.
When i try in IE11 , it works fine but in Firefox and Chrome, i get:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at (Reason: CORS header 'Access-Control-Allow-Origin' missing).
I tried to add the Access-Control-Allow-origin in the header, i started get CORS Request Failed.
How can i handle this scenario in my angular 1.5 application?
Access-Control-Allow-origin
First of all it has nothing to do with angular. You make an request to backend and your backend response to the request.
CORS Filter Missing Angular there is no CORS Filter Missing Angular in angular but in your api. You need to set CORS Filter in your api so your angular application can make a request and api can response to that.
This picture describe how cors filter works

XMLHttpRequest cannot load in angular

I couldn't call my service which gives an error
index.html:1 XMLHttpRequest cannot load http://localhost:14652/api/Employee. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:1873' is therefore not allowed access.
What should i do?
Your browser won't let you make this request because the Access-Control-Allow-Origin (necessary for a cross-domain request) is missing in the header of whatever send your api, if you just want to make some tests you can disable it on your browser by launching it with the following flags:
google-chrome --disable-web-security --allow-file-access-from-files
But you should really read this : http://www.eriwen.com/javascript/how-to-cors/ and have cors working on your server

Angular JS request to remote Sails server

I'm trying to make a request to a remote server running with Sails JS (NodeJS) using AngularJS in the frontend and I'm getting this origin 'null' error:
XMLHttpRequest cannot load http://remoteserver:1337/login/. The 'Access-Control-Allow-Origin' header contains the invalid value ''. Origin 'null' is therefore not allowed access.
My request looks somethign like:
$http.post('http://remoteserver:1337/login/', { email: userData.email, password: userData.password});
Any ideas?
You nead the server to enable CORS (cross origin resource sharing),
from Sails.js cors documentation (http://sailsjs.org/documentation/concepts/security/cors)
To allow cross-origin requests from any domain to any route in your app, simply enable allRoutes in config/cors.js:
allRoutes: true
and here is a brief explanation about what CORS is and why it is needed:
http://enable-cors.org/index.html

Resources