Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Why's it suck? If you have access running on the other localhost service, just add the header if that's what you need. Otherwise handle the connection in the backend :-)
-
@Eklavya Well, when you load localhost:5000/global_config do you get the Access-Control-Allow-Origin: http://localhost:3000 header back? If yes, then admittedly that's very weird, check for typos. If not, then you need to add it :-)
-
Eklavya17723y@AlmondSauce My work is actually to fetch some signs from https://ohmanda.com/api/horoscope/. Ignore that localhost for now, and also I am using react for frontend
Tried 'Access-Control-Allow-Origin': '*'
and also adding proxy in config.json
but both don't meet my requirements -
@Eklavya If it's not your resource then you won't be able to add a header to it, so you'll just have to grab it server side instead.
As said above, it's a rather essential part of web security. -
@ScriptCoded fucking bad people who exploit are annoying. If not them, then so much less work would be needed to secure the things. Too bad it is so hard to catch them
-
Today I also have this stupid error with laravel and vue, but looks like laravel has some plugin for cors, so need to investigate it more and maybe I will solve my problem.
-
On the other hand - those shitty things makes us money. When you tell to somebody who earns little learn programming - they say they do not like it. We deal with those shit and are paid for it becaue others do not like it. If everyone would like this shit, then salaries would be reduced becuase of concurency.
-
@Angry-dev Of course they are. But they'll always be there, and it's our job as developers to make sure that the risk of them being able to to bad stuff is minimized.
-
@Angry-dev Sure, but then you can put everything from passwords to encryption in the same boat.
-
@Eklavya If you look on Shitoverflow why your setup is not working, you're doing it wrong TM.
The message is pretty clear, which is astonishing in my opinion. Never realized they finally implemented helpful error messages, usually it was digging in dirt till finding out what's missing.
OPTION method for preflight should be easy to find in your backend code, if you have e.g. reverse proxy and webserver involved.
If it's just a webserver <-> client Connection (no rev proxy)… it should be a matter of less than a minute to fix.
curl
-H "Origin: http://localhost:5000"
-H "Access-Control-Request-Method: GET,POST"
-H "Access-Control-Allow-Origin: *"
-X OPTIONS
--verbose
<url>
If you want to debug outside of browser, eg. to make sure that browser is not doing dumb things TM.
Request is entirely fictional ans might be incorrect -
-H "Access-Control-Allow-Origin: *"
This as I understand allow any domain, which is not secure, unless you really need any domain. -
@Angry-dev :) It's bad TM, yes.
But as I said... The request is fictional.
I've typed it on phone, as I simply LOVE curl for debugging. It's one of the tools that never fails for me.
From debugging HTTP requests to testing reverse proxys to TLS checking.
Curl is Love. :) And Browsers sometimes do dumb things TM... Caching bugs, stored redirects, additional security checks, ... -
Actually I am not able to find goot tutorial how to add it . Even when I use * it does not allow cors. There is so much trash discussed but when you try, it does not work and no errors are given besices not allowed cors. Can you give good tutorial?
I am spending hours on such simple thing. -
I finnally made it work. I noticed in the error it wrote there are multiple * . So I removed headers from few places with * and then it started to work, at least as wildcard
-
@Eklavya https://pastebin.com/QjVVE8JN
here is nginx script. Also removed
header("Access-Control-Allow-Origin: *");
from my application. And removed from global middleware in laravel application that class which handles this cors thing
It sucks. It sucks so much
random
no solution