does this API just not work via cross origin resource? My CORS headers are set in .htaccess and verified working, because I do get a response from the API, but it's an unknown error.
I set everything up and tested on a single test server and it all works. But my prod environment requires two separate domains, one which is a CMS where the pages are hosted, and then a separate PHP server where I'm hosting the PHP side of the app that makes the CURL requests. When I try to make a CORS request, I get
{"error":{"code":500000,"message":"An unexpected error occurred. If the error persists, report it with date/time of error, request identifier from response header X-RequestId, and client identifier from request header X-ClientTraceId."}}
I get the same thing when I mimic a CORS scenario locally by using a XAMPP PHP server and a Gulp HTTP server.
My setup currently builds the JSON from body copy on a page, then sends that via AJAX POST to the PHP file, which then processes it, encodes, makes Curl requests to the API, then outputs the response. I then handle the data from the response again in the JS file.
Related
I have run into a strange situation in a Flutter Web application. I am making a request to a PHP script which appears to give me a CORS error, but it seems that the PHP code gets executed anyway...
When I make the request, the Flutter Web app throws an exception
XMLHttpRequest error
and the Chrome developer tools network tab shows CORS error in the status column for the request.
But despite this, it seems like the script is actually executed and inserting data into the database.
Is it possible that a PHP script can execute while still giving a CORS error on the client?
You need to check the http method in your script before executing your code :
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
The browser make a OPTIONS request to the server to check cors, which will execute your script, and if the cors check pass, your script will be called twice, one for the OPTIONS call, and another for the GET call
So here is my understanding of what's happening.
The web app makes a GET request to the server.
Since the app is running in a browser, the browser handles the request for the app.
2.1. The browser adds an Origin header to the request, with the value set to the current domain the web app is running on.
2.2 The browser sends the request to the server.
The server receives the request and relays it to the PHP script.
The PHP script can decide wether to
4.1 a) inspect the Origin request header and set an Access-Control-Allow-Origin response header that includes or excludes the Origin domain, or
4.1 b) just execute normally without checking the Origin request header or setting the Access-Control-Allow-Origin response header.
4.2 It's up to the PHP script do decide wether or not to execute, and wether or not to return any data.
The PHP script has finished executing and the web server sends the response back to the client.
The browser inspects the Access-Control-Allow-Origin header it got back from the PHP script.
6.1 a) If it includes the Origin domain (or is a wildcard *), the browser relays back the contents of the response back to the app.
6.1 b) Otherwise, the browser enforces the "same origin principle" and sends a "CORS error" back to the web app.
So I think my initial confusion was that the server wouldn't execute the request at all if the CORS headers weren't set. But what's actually happening is just that everything executes normally, the PHP script inserts some data into the database and sends a response, but when the browser detects that the response doesn't contain a CORS header that allows the Origin domain to read the response, it doesn't let the app see the response (even though the browser has already received it and it might contain a perfectly normal JSON/HTML/whatever).
The other answers talk about preflight OPTIONS requests, which do not seem to take place at all in this case. The Mozilla CORS documentation explains that "simple requests" don't trigger a CORS preflight.
I am developing an application in IONIC. I am making a $http.get request in Angular JS and its giving me 404 error when I successfully login and trying to load the user profile using the token sent in the authentication header.
It produces error in chrome, although I enabled CORS. Please check the screenshot:
Now if I try the url in POSTMAN, everything is ok. See the screenshot below:
I am stuck with this error, can someone help me?
What Ionic says
There are two ways to solve the issue: The first, and easier, solution is to just allow all origins from your API endpoint. However, we can’t always control the endpoint we are accessing. What we need, then, is a request that does not specify an origin.
We can do this by using a proxy server. Let’s look how the Ionic CLI provides
Reference
What works but isn't completely good to use
A simple solution is just add a CORS plugin into your browser and everything will work.
Plugin Link
Proxy server
If you want a proxy server there is this tutorial:
Link
I've got an app engine app set up. It's set up with billing and I have extension="curl.so" in my php.ini file so I think cUrl should work. It is set up to allow cross domain requests.
I'm attempting to send data (via a jquery ajax post) to the app, then have it use curl to send the data somewhere else.
If I send no data with the ajax request, the curl works and the final destination responds telling app engine that there's no data, app engine successfully passes it back to the ajax callback (as expected).
However if I send data along, the app engine responds with a 500 error. It appears to be breaking during the curl_exec.
Everything works fine if I run it through the local server.
Does anyone have any idea what might be inhibiting app engine from allowing this?
I'm trying to write a Flask application that incorporates a PHP script via a POST request using the requests module. I've had success on my local machine where I post
requests.post("http://localhost/webapp/templates/script.php", data=blah)
and everything goes as expected. However, when I push my code to Heroku, the post request no longer works - instead, I'm redirected to
http://mysite/php_post
and get a
Internal Server Error
The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.
I guess you want to be posting the data to your heroku application
requests.post("http://localhost/webapp/templates/script.php", data=blah)
should be
requests.post("http://mysite/webapp/templates/script.php", data=blah)
I am developing an iPhone application that sends through HTTP requests an XML file to my PHP server.
I have coded my server and got the XML file and stored it in database. Now I want to see from my iPhone if the server got my XML file.
This response of the server, I must code it or is it automatic?
If it is not automatic, how do I make it? I must make the server send back a simple XML to my iPhone stating that everything is "OK" and also program my iPhone application to get the XML?
Assuming you have set up some proper API for your App to query, just use HTTP Status Codes. If everything was ok and the data got successfully inserted, reply with a 200 response. If there was an error there are numerous other status codes to send, e.g. 500 internal server error. Your client App can then parse these responses and react appropietly.