I am working on a web project, I just started using a JavaScript based video player in Wordpress. The video player works fine when using videos on the same server but when requesting videos from other servers it throws the error in browser console:
Failed to load http://techslides.com/demos/sample-videos/small.mp4: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.gozo.kitchen' is therefore not allowed access
I am trying to access the video on a different server.
I have tried locating the server configuration file but I cannot find it here's a summary of what I have done till now :
Server is running the linux operating system. I can find the nginx.config but its empty and enabling it to use CORS does not seem to solve the problem. The video still does not run.
There is no config file under the etc directory.
I need to enable CORS to access videos on other servers.
You're requesting a resource from another server so the other server must allow you to retrieve it with an Access-Control-Allow-Origin header that matches your site details. You can disable this when you start chrome with the --disable-web-security flag but that should only be used for testing.
Related
The problem i'm facing is this:
I have a video on remote server that is loaded on my website
some users cannot access video because remote server URL is blocked
I create a proxy in PHP that is loading data from remote server with file_get_contents(), I'm getting headers from remote server and returning for the user response with same headers and content as a remote server.
Everything is working well on all devices except some Apple devices. It shows empty player with message Failed to Load Resource, Plugin Handled Load.
I spend a lot of time on looking for solution, was trying to handle even HTTP range requests with no success. I mange to reproduce error with postman using Safari headers and I manage to handle HTTP range request and video was working on Postman, but not in Safari. The only thing that may solve the issue is downloading file to my server and use the path to file to let nginx serve the file, but it means that I should have some cronjob that will remove file after usage.
So I hope that someone can give me ideas how to "fake" nginx response using PHP, just using headers and regular or streamed response is not enough.
I created API with PHP and am testing it now.
It goes success with chrome and firefox, but safari gets error, "NSPOSIXErrorDomain:100."
This error sometime happens and sometime I can get a correct response from API.
Does anyone know anything about this kind of error?
I still don't understand even which part is causing this error...Is this because of server, AWS, SSL, PHP, or client browser?
Here is some info of my API.
allowing https access only (ex https://xxxdomain/xxx?id=000)
using php (Lumen)
deployed on AWS
receiving GET request with some params
I had the same problem calling PHP APIs deployed behind an AWS Load Balancer (I don't know if Load Balancer is present in your settings). I have solved the issue by disabling the use of HTTP 2.0 in the load balancer. In order to disable HTTP 2.0, select your Load Balancer in the AWS console then select Action -> Edit Attributes and disable HTTP/2
If you're not using a Load Balancer you have to check your webserver settings in order to figure out which HTTP version is enabled.
I fixed this problem by inserting the following as the very first line of the .htaccess file:
Header unset Upgrade
I am developing my app using Angularjs for front end and php mysql for backend. in php i am using slim framework. Things went smoothly while i was developing on my local machine and testing on localhost. However when I uploaded the code to a free shared hosting, all my rest calls stopped workng and started getting the following error.
XMLHttpRequest cannot load http://error404.myhostingprovider.com/?. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://myfreehosingdomain.com' is therefore not allowed access.
Can anybody please tell me what is going on.
In short, websites have to be careful about including content from other websites, because that content may be undesired / evil or changed en-route. Websites are generally responsible for whitelisting cross-domain requests they are expecting to make for the sake of the client's security.
I would suggest that you read up on a Browser Content Security Policy: https://en.wikipedia.org/wiki/Content_Security_Policy.
Then take a look at how to handle this case in the slim framework. This might be a good starting point:
http://help.slimframework.com/discussions/problems/810-no-subject
In my case this was because I was being redirected to an erro404 page outside my domain. The actual error was due to other factors (no mysql native driver in my case).
I'm working on a simple geolocation tracker based on this project and OsmAnd. OsmAnd uses URL parameters to send geolocation data to the web service, which then writes it to a file. The URL input into OsmAnd looks like
http://example.com/tracker.php?key=j2R1nrQ&lat={0}&lon={1}×tamp={2}&hdop={3}&altitude={4}&speed={5},
where the {#} is replaced by the location data by OsmAnd.
I have confirmed that OsmAnd is pinging my site with correctly formed data. If I open the link in a browser, it is correctly writing the data to the file, but when the app on my phone pings the page, it is not. PHP is run on the server, right? So why would it make a difference that an app on my phone is pinging the site vs. my browser?
I figured it out. The app was generating a 406 error on the server, which is caused by Apach Mod_security. Disabling Mod_security solved the issue.
i have php proxy script which uses file_get_contents to get web sites and outputs it ...
everything is working as long as web sites are static, but as long as i use some sites that uses ajax requests to update it's content, lik twitter, 9gag, youtube ... new content doesn't get added
i get this error in console:
XMLHttpRequest cannot load http://9gag.com/new/json?list=hot&id=6408098. Origin is not allowed by Access-Control-Allow-Origin.
since 9gag site is now my local site served by my local proxy it can't access new content from original 9gag site, which this is cross domain issue ....
so my question is how do i take ajax requests and put them through my local proxy server?
This is a security feature. It is made to prevent such requests that you are trying to do. As I can see, you have only two possibilities:
Add site to hosts file to forward it to your proxy. It this way you have to ensure that your proxy responds correctly this way. But I don't know if there are some other checks browser-side except checking the domain. If only domain taken into account, everything will be ok.
Set OS to use your proxy site as a system proxy. This way you should make it to respond as a regular proxy server.
P.S. May be it is better to use some ready-to-use transparent proxy utility?