safari - NSPOSIXErrorDomain:100 - php

I created an API with PHP and am testing it now.
It succeeds with Chrome and Firefox, but Safari gets an error, "NSPOSIXErrorDomain:100".
This error sometimes happens, and sometimes I get a correct response from the API.
Does anyone know anything about this kind of error?
I still don't even understand which part is causing this error... Is it because of the server, AWS, SSL, PHP, or the client browser?
Here is some info about my API:
allowing https access only (e.g. https://xxxdomain/xxx?id=000)
using php (Lumen)
deployed on AWS
receiving GET request with some params

I had the same problem calling PHP APIs deployed behind an AWS Load Balancer (I don't know if a Load Balancer is present in your settings). I solved the issue by disabling the use of HTTP 2.0 in the load balancer. In order to disable HTTP 2.0, select your Load Balancer in the AWS console, then select Action -> Edit Attributes and disable HTTP/2.
If you're not using a Load Balancer you have to check your webserver settings in order to figure out which HTTP version is enabled.

I fixed this problem by inserting the following as the very first line of the .htaccess file:
Header unset Upgrade
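
Both answers touch the same protocol rule: RFC 7540 section 8.1.2.2 treats an HTTP/2 message that carries a connection-specific header such as Upgrade as malformed. The following is an added example (not from either answer) that checks a captured response head for such headers; the function name is hypothetical and the sample heads are constructed.

```php
<?php
declare(strict_types=1);

// Connection-specific header fields that RFC 7540 section 8.1.2.2 says must
// not appear in an HTTP/2 message; a message carrying one is malformed.
const H2_CONNECTION_SPECIFIC = [
    'connection', 'keep-alive', 'proxy-connection', 'transfer-encoding', 'upgrade',
];

/**
 * Given a raw response head (status line plus header lines, e.g. the output of
 * `curl -sI --http2 URL`), return the connection-specific headers it carries
 * if it was served over HTTP/2. HTTP/1.x responses return [] because these
 * headers are legal there.
 */
function h2MalformedHeaders(string $rawHead): array
{
    $lines = preg_split('/\r?\n/', trim($rawHead));
    $statusLine = (string) array_shift($lines);
    if (preg_match('#^HTTP/2(\.0)?(\s|$)#i', $statusLine) !== 1) {
        return [];
    }
    $found = [];
    foreach ($lines as $line) {
        if (strpos($line, ':') === false) {
            continue; // blank or malformed line
        }
        [$name, $value] = explode(':', $line, 2);
        $name = strtolower(trim($name));
        if (in_array($name, H2_CONNECTION_SPECIFIC, true)) {
            $found[$name] = trim($value);
        }
    }
    return $found;
}

// Constructed sample heads: the same origin response seen over each protocol.
$overH2  = "HTTP/2 200\r\ncontent-type: application/json\r\nupgrade: h2,h2c\r\n";
$overH11 = "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\nUpgrade: h2,h2c\r\n";

foreach (['HTTP/2' => $overH2, 'HTTP/1.1' => $overH11] as $label => $head) {
    $bad = h2MalformedHeaders($head);
    echo $label, ': ', $bad ? 'malformed, remove ' . implode(', ', array_keys($bad)) : 'ok', PHP_EOL;
}
```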

Related

CSRF Token Mismatch with Laravel API using Digital Ocean Load Balancer with Sticky Session

I am working on a project in Laravel 8 which I am now testing the deployment on production servers. I have set up 2 Digital Ocean Droplets that are behind a load balancer with Sticky Sessions enabled. I am attempting to login via a SPA app with a separate Laravel API so the middleware is configured for the api routes to be stateful API and perform CSRF validation. This works perfectly fine when I just hit a single droplet and bypass the load balancer but as soon as the load balancer is in use, I always receive a 419 CSRF Token mismatch.
Everything I found on Google says that the session needs to be shared between servers, but I don't believe this is the case in this scenario. I have turned on sticky session with a cookie called DO-LB in the load balancer so all requests from the same session go to the same server, and I am tailing the Apache access log on both servers, and I can see all requests such as the get-csrf and the auth route (using Sanctum) both hit the same server, so why would I still be getting a token mismatch?
I am also using the cookie session driver.
UPDATE
I've found something a little strange: if I point my DNS to a single droplet I see the X-XSRF-TOKEN is sent as a request header, but if I change DNS to point to the load balancer then X-XSRF-TOKEN is not sent as a request header. I am using Axios to send the request but I can't see how a load balancer can affect Axios.
UPDATE 2
It looks like when I run it locally XSRF-TOKEN is not an HttpOnly cookie, but when running it on production the XSRF-TOKEN is flagged as HttpOnly, which from what I've read means it's inaccessible from JavaScript, hence why Axios isn't sending it. I seem to have confirmed this by doing Cookies.get("XSRF-TOKEN") and printing the result: locally it prints the token to the console, but in production it's undefined.
UPDATE 3
I updated my Apache configuration to override the headers as a test to remove the HttpOnly flag which seems to have done the trick, and I can now see when I log in, Chrome sends an X-XSRF-TOKEN in the request even though I still get a CSRF Token Mismatch.
I've compared the string in the Chrome cookie store with what is being sent in the X-XSRF-TOKEN and they both match, so I don't understand why Laravel keeps returning me a mismatch and I am at a complete loss.
I think I've figured this out. If it can be migrated to Server Fault then please do, but I thought, as I figured it out, it makes sense to say what it was instead of just deleting.
I was using Cloudflare and made the error of using a self-signed certificate between the DO droplet and Cloudflare, and gave this cert to the load balancer. Although no errors were thrown by DO, and although the web site loaded, when an API request was made I noticed in the Apache error log: "Server name not provided via TLS extension (using default/first virtual host)". Not sure if this is the actual cause, but it made me think the issue might be caused by the self-signed certificate.
I generated a new origin server from Cloudflare which means it has a trusted CA and then gave that to DO load balancer and the problem went away.

PHP proxy for videos - not working on some Apple devices

The problem I'm facing is this:
I have a video on a remote server that is loaded on my website
some users cannot access the video because the remote server URL is blocked
I created a proxy in PHP that loads data from the remote server with file_get_contents(). I'm getting the headers from the remote server and returning a response to the user with the same headers and content as the remote server.
Everything is working well on all devices except some Apple devices. It shows an empty player with the message "Failed to Load Resource, Plugin Handled Load".
I spent a lot of time looking for a solution, and even tried handling HTTP range requests, with no success. I managed to reproduce the error with Postman using Safari headers, and I managed to handle the HTTP range request so that the video was working in Postman, but not in Safari. The only thing that may solve the issue is downloading the file to my server and using the path to the file to let nginx serve it, but that means I should have some cronjob that will remove the file after usage.
So I hope that someone can give me ideas on how to "fake" an nginx response using PHP; just using headers and a regular or streamed response is not enough.

OAuth redirect(call-back) does not work properly on Chrome for SSL

I am working on a React single page web app (SPA), and when Google redirects to the SSL version of the callback URL of my app after a successful OAuth login, it doesn't load data from the server side (the Laravel app is not handling the received data); instead it fetches the home page of the app (it seems from cache or something like that),
but if I use the HTTP version of the site everything is OK and redirected.
Here are the images of both SSL and non-SSL headers:
Non-SSL (everything is OK)
With SSL
PS: The server is OpenLiteSpeed and maybe there is something wrong with it.
It does not look like Web-Server Level Cache since that would show an X-Litespeed-Cache header.
However, a Service Worker is indeed a Browser-Level Cache, which needs to be set up to make sure the browser fetches the latest data from the network every time.
Refer to these docs.

Videos not playing due to no Access Control Allow Origin

I am working on a web project, and I just started using a JavaScript-based video player in WordPress. The video player works fine when using videos on the same server, but when requesting videos from other servers it throws this error in the browser console:
Failed to load http://techslides.com/demos/sample-videos/small.mp4: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.gozo.kitchen' is therefore not allowed access
I am trying to access the video on a different server.
I have tried locating the server configuration file but I cannot find it. Here's a summary of what I have done so far:
The server is running the Linux operating system. I can find the nginx.config but it's empty, and enabling it to use CORS does not seem to solve the problem. The video still does not run.
There is no config file under the etc directory.
I need to enable CORS to access videos on other servers.
You're requesting a resource from another server so the other server must allow you to retrieve it with an Access-Control-Allow-Origin header that matches your site details. You can disable this when you start chrome with the --disable-web-security flag but that should only be used for testing.

Create React App, data via AJAX, PHP page backend on XAMPP Apache

I'm trying to learn React by replicating a simple CRUD page I created earlier.
The old CRUD page was a JavaScript/jQuery front-end with a form. It sent data via AJAX to a PHP backend page, and the PHP page interacted with a MySQL/MariaDB database.
Everything was locally hosted on my PC on XAMPP Apache, and everything worked fine.
I have now managed to replicate the front end using React, via Create React App, and it's running on localhost:3000.
I am now stuck. I don't know how to make my front-end (on localhost:3000) send data via AJAX to my back-end PHP page (on localhost:80 running on XAMPP Apache).
There are a lot of us PHP / mariaDB types out there who want to continue using that sub-stack as our back-end. The answers to this question will be enormously helpful in encouraging our crowd to try Create React App and React (I'm loving React btw!). (I was surprised that when I searched [create-react-app] [php] in StackOverflow, I got only 2 hits.)
Update: if this is off-topic for SO, then I'd appreciate suggestions on which SE I should post this on... thanks!
Answering my own question.
The basic problem is one of CORS (cross-origin resource sharing). The error one gets is (in the Chrome console):
No 'Access-Control-Allow-Origin' header is present on the requested resource.
During development only, this issue is easily resolved by adding this line of code to the top of the PHP file:
<?php
header("Access-Control-Allow-Origin: *");
This code should never be left there in production unless you're okay with anyone in the world accessing the PHP file API.
In actual production of this React app, one would expect that the JavaScript and the PHP files would share the same domain, so there won't be a CORS issue.
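
The wildcard header above beside an allowlisted form, which is also the kind of header the other server in the video question would have to send for https://www.gozo.kitchen. This is an added example, not code from either post; the function name, the constant, and the allowed methods and headers are assumptions.

```php
<?php
declare(strict_types=1);

// Origins allowed to read responses. Illustrative values taken from the two
// questions: the Create React App dev server and the site embedding the video.
const ALLOWED_ORIGINS = ['http://localhost:3000', 'https://www.gozo.kitchen'];

/**
 * Build the CORS response headers for one request.
 * Access-Control-Allow-Origin is returned only for an exact allowlist match;
 * any other Origin gets none, so the browser blocks the cross-origin read.
 */
function corsHeaders(?string $origin, string $method, array $allowed = ALLOWED_ORIGINS): array
{
    // The response depends on Origin, so caches must key on it in every case.
    $headers = ['Vary' => 'Origin'];
    // Exact comparison only: prefix, suffix or regex tests are how look-alike
    // origins end up being accepted.
    if ($origin === null || !in_array($origin, $allowed, true)) {
        return $headers;
    }
    $headers['Access-Control-Allow-Origin'] = $origin;
    if ($method === 'OPTIONS') {
        // Preflight: state what the actual request is allowed to use.
        $headers['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS';
        $headers['Access-Control-Allow-Headers'] = 'Content-Type';
        $headers['Access-Control-Max-Age'] = '600';
    }
    return $headers;
}

if (PHP_SAPI === 'cli') {
    // Command-line demo with constructed requests.
    foreach (['http://localhost:3000', 'https://evil.example', null] as $origin) {
        echo var_export($origin, true), ' => ', json_encode(corsHeaders($origin, 'GET')), PHP_EOL;
    }
} else {
    // Under a web server: emit the headers before any output.
    $method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
    foreach (corsHeaders($_SERVER['HTTP_ORIGIN'] ?? null, $method) as $name => $value) {
        header("$name: $value");
    }
    if ($method === 'OPTIONS') {
        http_response_code(204); // preflight carries no body
        exit;
    }
}
```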
