Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How To Solve This Problem : Cross-Origin Read Blocking (CORB) blocked cross-origin response

Warning is :

jquery-1.9.1.js:8526 Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.metaweather.com/api/location/search/?query=lo with MIME type application/json. See https://www.chromestatus.com/feature/5629709824032768 for more details.

My Code is:

<!DOCTYPE html>
<html>
<head>
  <title> Search API </title>
  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.0/css/bootstrap.min.css"> 
  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"> 
  </script>
  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.0/js/bootstrap.min.js"> 
  </script> 
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
</head>
<body>
   <div class="container">
     <h2>API Search Whether</h2>    
     <div class="row">
        <div class="col-md-6">
            <input type="text" name="name" id="name" class="form-control">
        </div>
        <div class="col-md-2">              
            <button type="button" id="search" class="btn btn-primary btn-lg">Search</button>
        </div>
    </div>
    <br><br><br><br>
    <div class="row">
        <table class="table" border="2px">
            <thead>
                <tr style="color:blue; font-weight:bold;">
                    <td >Domain</td>
                    <td>Suffix</td>
                    <td>Expiry Date</td>
                    <td>Created At</td>
                    <td>Country</td>
                </tr>
            </thead>
            <tbody id="tbody">
            </tbody>
        </table>
    </div>
</div>  
<script src="https://unpkg.com/sweetalert/dist/sweetalert.min.js"> 
</script>
<script src="https://cdn.jsdelivr.net/npm/sweetalert2@8"></script>
<script type="text/javascript">
    $("#search").click(function () 
    {
        $("#tbody").html("");           
        var $this = $(this);
        var loadingText = '<i class="fa fa-circle-o-notch fa-spin"></i>Loading...';
        $("#search").attr("disabled", true);
        if ($(this).html() !== loadingText) {
            $this.data('original-text', $(this).html());
            $this.html(loadingText);
        }   
        var name = $('#name').val();        
        var i;
        $.ajax({
            url: "https://www.metaweather.com/api/location/search/?query="+name,
            dataType:'json',
            headers: function(xhr){
                xhr.setRequestHeader('x-xss-protection' ,'1; mode=block');
                xhr.setRequestHeader('Content-Language' ,'en');
                xhr.setRequestHeader('x-content-type-options', 'nosniff');
                xhr.setRequestHeader('strict-transport- security' , 'max-age=2592000; includeSubDomains');
                xhr.setRequestHeader('Vary' , 'Accept-Language, Cookie');
                xhr.setRequestHeader('Allow' , 'GET, HEAD,OPTIONS');
                xhr.setRequestHeader('x-frame-options' ,'DENY');
                xhr.setRequestHeader('Content-Type' , 'application/json');
                xhr.setRequestHeader('X-Cloud-Trace-Context' , 'f2dd29a5a475c5489584b993c3ce670d');
                xhr.setRequestHeader('Date' , 'Thu, 14 Mar 2019 09:43:04 GMT');
                xhr.setRequestHeader('Server' , 'Google Frontend');
                xhr.setRequestHeader('Content-Length' , '100');
            },
            success: function (result) {
                var f = result;
                var content = '';
                var i;
                for (i = 0; i <= f[i] ; i++) {
                    content += "<tr>";
                    content = content+"<td>"+f[i].title+"</td>";
                    content = content + "</tr>";
                }
                $("#tbody").append(content);
                $this.html($this.data('original-text'));
                $("#search").attr("disabled", false);
            }});      
      });
   </script>
</body>

I Tried last 4 Hours But No Solution... Advance Thank You For Help...

like image 999
Smit Pipaliya Avatar asked Mar 14 '19 10:03

Smit Pipaliya


2 Answers

I don't consider this an absolute answer because I am also having the same bug on a chrome extension I built. Now, following the suggestion from CORB (Cross Origin Read Blocking) The Chrome team updated the security of the browser in version 73+ which guards against the spectre and meltdown vulnerability.

On this link, they provide the means on how developers should go about fixing errors from this update: https://www.chromium.org/Home/chromium-security/corb-for-developers

The parent resource for this is: https://www.chromestatus.com/feature/5629709824032768 when I find my fix, I'll be updating this post with it.

like image 85
Samuel Nwaokoro Avatar answered Oct 10 '22 08:10

Samuel Nwaokoro


I had this issue too happen our Chrome Extension recently and closed it by moving all HTTP requests to the background page as advised by the Chrome team at 3. Limit Cross-Origin Requests in Background Pages

If an extension's background page simply fetches and relays any URL of a content script's choice (effectively acting as an open proxy), then similar security problems occur. That is, a compromised renderer process can hijack the content script and ask the background page to fetch and relay sensitive URLs of the attacker's choosing. Instead, background pages should only fetch data from URLs the extension author intends, which is ideally a small set of URLs which does not put the user's sensitive data at risk.

like image 26
Athman Avatar answered Oct 10 '22 09:10

Athman