I have a GWT app and I'm using RequestBuilder get GET some json from a php script I have running on a Fatcow.com server. It returns the json just fine in the browser and returns a 200 status in Charles web debug proxy, but in the GWT app it always says the response status is 0 and doesn't give me any json. When I test my code on a known working URL, it returns 200 and I get the json I expect. Also, I already have header('Content-Type: application/json; charset=utf-8'); in my php, which I know is a common error. Is there any reason this would not be working? Is it a php thing, or am I doing something wrong?
You're hitting the Same-Origin Policy.
CORS is supported in most recent browsers (exceptions: IE and Opera; will be coming in IE 10 and Opera 12 respectively).
Only viable alternatives are JSONP (using JsonpRequestBuilder in GWT) or a "proxy" on the same server serving your GWT app.
Related
I have run into a strange situation in a Flutter Web application. I am making a request to a PHP script which appears to give me a CORS error, but it seems that the PHP code gets executed anyway...
When I make the request, the Flutter Web app throws an exception
XMLHttpRequest error
and the Chrome developer tools network tab shows CORS error in the status column for the request.
But despite this, it seems like the script is actually executed and inserting data into the database.
Is it possible that a PHP script can execute while still giving a CORS error on the client?
You need to check the http method in your script before executing your code :
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
}
The browser make a OPTIONS request to the server to check cors, which will execute your script, and if the cors check pass, your script will be called twice, one for the OPTIONS call, and another for the GET call
So here is my understanding of what's happening.
The web app makes a GET request to the server.
Since the app is running in a browser, the browser handles the request for the app.
2.1. The browser adds an Origin header to the request, with the value set to the current domain the web app is running on.
2.2 The browser sends the request to the server.
The server receives the request and relays it to the PHP script.
The PHP script can decide wether to
4.1 a) inspect the Origin request header and set an Access-Control-Allow-Origin response header that includes or excludes the Origin domain, or
4.1 b) just execute normally without checking the Origin request header or setting the Access-Control-Allow-Origin response header.
4.2 It's up to the PHP script do decide wether or not to execute, and wether or not to return any data.
The PHP script has finished executing and the web server sends the response back to the client.
The browser inspects the Access-Control-Allow-Origin header it got back from the PHP script.
6.1 a) If it includes the Origin domain (or is a wildcard *), the browser relays back the contents of the response back to the app.
6.1 b) Otherwise, the browser enforces the "same origin principle" and sends a "CORS error" back to the web app.
So I think my initial confusion was that the server wouldn't execute the request at all if the CORS headers weren't set. But what's actually happening is just that everything executes normally, the PHP script inserts some data into the database and sends a response, but when the browser detects that the response doesn't contain a CORS header that allows the Origin domain to read the response, it doesn't let the app see the response (even though the browser has already received it and it might contain a perfectly normal JSON/HTML/whatever).
The other answers talk about preflight OPTIONS requests, which do not seem to take place at all in this case. The Mozilla CORS documentation explains that "simple requests" don't trigger a CORS preflight.
does this API just not work via cross origin resource? My CORS headers are set in .htaccess and verified working, because I do get a response from the API, but it's an unknown error.
I set everything up and tested on a single test server and it all works. But my prod environment requires two separate domains, one which is a CMS where the pages are hosted, and then a separate PHP server where I'm hosting the PHP side of the app that makes the CURL requests. When I try to make a CORS request, I get
{"error":{"code":500000,"message":"An unexpected error occurred. If the error persists, report it with date/time of error, request identifier from response header X-RequestId, and client identifier from request header X-ClientTraceId."}}
I get the same thing when I mimic a CORS scenario locally by using a XAMPP PHP server and a Gulp HTTP server.
My setup currently builds the JSON from body copy on a page, then sends that via AJAX POST to the PHP file, which then processes it, encodes, makes Curl requests to the API, then outputs the response. I then handle the data from the response again in the JS file.
The problem i'm facing is this:
I have a video on remote server that is loaded on my website
some users cannot access video because remote server URL is blocked
I create a proxy in PHP that is loading data from remote server with file_get_contents(), I'm getting headers from remote server and returning for the user response with same headers and content as a remote server.
Everything is working well on all devices except some Apple devices. It shows empty player with message Failed to Load Resource, Plugin Handled Load.
I spend a lot of time on looking for solution, was trying to handle even HTTP range requests with no success. I mange to reproduce error with postman using Safari headers and I manage to handle HTTP range request and video was working on Postman, but not in Safari. The only thing that may solve the issue is downloading file to my server and use the path to file to let nginx serve the file, but it means that I should have some cronjob that will remove file after usage.
So I hope that someone can give me ideas how to "fake" nginx response using PHP, just using headers and regular or streamed response is not enough.
It's driving me crazy. I created an Android App that does REST requests to an Apache Server running CakePHP 2.X.
In Android side: the request are make using Volley from Google it's HEAD version.
In Server side: It's a Apache 2, PHP 5.4, CakePHP 2.x and SSL.
Whatever request method GET or POST, with the same URL or same parameters when POST, sometimes the response is fine others time I get com.android.volley.NoConnectionError: java.net.ProtocolException: Unexpected status line: 10380HTTP/1.1 200 OK
When the error happen, the only thing i noticed is the number before changes. 10380HTTP/1.1 200 OK.
Any idea?
Thanks
I could sniff the request/response and could confirm it's a server side issue.
With information from #Julian Reschke and #AD7six
Apparently it's common error when using keep-alive and the second,third,etc response was messing up.
So following the information i got from this post, the problem looks like solved (I'll keep testing it).
I am developing an iPhone application that sends through HTTP requests an XML file to my PHP server.
I have coded my server and got the XML file and stored it in database. Now I want to see from my iPhone if the server got my XML file.
This response of the server, I must code it or is it automatic?
If it is not automatic, how do I make it? I must make the server send back a simple XML to my iPhone stating that everything is "OK" and also program my iPhone application to get the XML?
Assuming you have set up some proper API for your App to query, just use HTTP Status Codes. If everything was ok and the data got successfully inserted, reply with a 200 response. If there was an error there are numerous other status codes to send, e.g. 500 internal server error. Your client App can then parse these responses and react appropietly.