Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
@AlmondSauce I tried it, searched all over StackOverflow but it still not working
-
@Eklavya Well, when you load localhost:5000/global_config do you get the Access-Control-Allow-Origin: http://localhost:3000 header back? If yes, then admittedly that's very weird, check for typos. If not, then you need to add it :-)
-
@AlmondSauce My work is actually to fetch some signs from https://ohmanda.com/api/horoscope/. Ignore that localhost for now, and also I am using react for frontend
Tried 'Access-Control-Allow-Origin': '*'
and also adding proxy in config.json
but both don't meet my requirements -
@Eklavya If it's not your resource then you won't be able to add a header to it, so you'll just have to grab it server side instead.
As said above, it's a rather essential part of web security. -
@ScriptCoded fucking bad people who exploit are annoying. If not them, then so much less work would be needed to secure the things. Too bad it is so hard to catch them
-
On the other hand - those shitty things makes us money. When you tell to somebody who earns little learn programming - they say they do not like it. We deal with those shit and are paid for it becaue others do not like it. If everyone would like this shit, then salaries would be reduced becuase of concurency.
-
@Angry-dev Of course they are. But they'll always be there, and it's our job as developers to make sure that the risk of them being able to to bad stuff is minimized.
-
@Angry-dev Sure, but then you can put everything from passwords to encryption in the same boat.
-
@Eklavya If you look on Shitoverflow why your setup is not working, you're doing it wrong TM.
The message is pretty clear, which is astonishing in my opinion. Never realized they finally implemented helpful error messages, usually it was digging in dirt till finding out what's missing.
OPTION method for preflight should be easy to find in your backend code, if you have e.g. reverse proxy and webserver involved.
If it's just a webserver <-> client Connection (no rev proxy)… it should be a matter of less than a minute to fix.
curl
-H "Origin: http://localhost:5000"
-H "Access-Control-Request-Method: GET,POST"
-H "Access-Control-Allow-Origin: *"
-X OPTIONS
--verbose
<url>
If you want to debug outside of browser, eg. to make sure that browser is not doing dumb things TM.
Request is entirely fictional ans might be incorrect -
@Angry-dev :) It's bad TM, yes.
But as I said... The request is fictional.
I've typed it on phone, as I simply LOVE curl for debugging. It's one of the tools that never fails for me.
From debugging HTTP requests to testing reverse proxys to TLS checking.
Curl is Love. :) And Browsers sometimes do dumb things TM... Caching bugs, stored redirects, additional security checks, ... -
@Angry-dev how come? Any script?
-
@Eklavya https://pastebin.com/QjVVE8JN
here is nginx script. Also removed
header("Access-Control-Allow-Origin: *");
from my application. And removed from global middleware in laravel application that class which handles this cors thing
I have a dream, that one day my manager does what getaaron did T_T
It sucks. It sucks so much
random
no solution