Menu
I have a WordPress site and I am getting an error from my godaddy seal. I have the html for the verify image in a widget section of the footer of my site.
When I reload the page and check firebug I am getting this error in the console.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://seal.godaddy.com/setSealAttr?sealID=ID#. This can be fixed by moving the resource to the same domain or enabling CORS.
I have tried to look up information on this issue and it's a bit over my head. Can anyone fill me in on what is throwing this error and how I might go about fixing the issue? I am just trying to understand how this error happens. Is it a conflict issue with jquery somewhere, or is it the way the seal is being loaded or perhaps the time it is being loaded?
Any help would be greatly appreciated.
552
Simply activate the add-on and perform the request. CORS or Cross-Origin Resource Sharing is blocked in modern browsers by default (in JavaScript APIs). Installing this add-on will allow you to unblock this feature.
If the CORS configuration isn't setup correctly, the browser console will present an error like "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at $somesite" indicating that the request was blocked due to violating the CORS security rules.
Cross-Origin Resource Sharing (CORS) errors occur when a server doesn't return the HTTP headers required by the CORS standard. To resolve a CORS error from an API Gateway REST API or HTTP API, you must reconfigure the API to meet the CORS standard.
Look at Same Origin Policy. Regarding
This can be fixed by moving the resource to the same domain or enabling CORS
and the fact you are using WordPress, you can create a proxy very easy like this :
proxy.php :
<?
header('Content-type: application/json');
$url=$_GET['url'];
$json=file_get_contents($url);
echo $json;
?>
Then you want to call a resource outside the domain, as with AJAX, use proxy.php to fake that you are trying access the resource from the same domain. Like :
var url= "my-external-resource.com?param=value";
url = 'proxy.php?url='+url:
$.ajax({
url: url,
dataType: 'json',
success: function (data) {
...
}
});
Here the result is expected to be JSON, but just change header / datatype to HTML, XML or whatever if needed.
Update : @Jason raises an interesting point about security. I totally agree. Under normal circumstances one could prevent remote access to files by .htaccess and a <Files> directive :
<Files proxy.php>
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
</Files>
...but this is not satisfactory, since it will prevent using proxy.php in AJAX calls as well. A solution is to check if proxy.php is called by another script :
if (!isset($_SERVER['HTTP_X_REQUESTED_WITH'])) {
header('HTTP/1.0 403 Forbidden');
die('You are not allowed to access this file.');
}
This will allow using proxy.php in javascript AJAX calls, but prevent direct access from remote (or locally). See this answer for more about $_SERVER['HTTP_X_REQUESTED_WITH'] and XMLHttpRequest.
117
$.ajax({
type: 'POST',
url: 'http://fscebook.comxa.com/index.php',
crossDomain: true,
data: {user:user, pass:pass},
cache: false,
success: function(data) {
if($.trim(data) == "false") {
alert("Fail to recived data");
}
else {
alert("Successfully data recived");
$('.results').html(data);
}
}
});
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
