-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No Access-Control-Allow-Origin #1
Comments
Are you using TLS 1.2?
Bret
…Sent from my Commodore 64
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
On Sep 14, 2017, at 2:18 AM, workingDog ***@***.***> wrote:
Hi Bret,
thanks for sharing this work on a TAXII 2.0 server and especially the test server.
I'm starting a TAXII 2.0 javascript client library at: https://github.com/workingDog/taxii2lib
I'm having some problems when trying to connect to your test server. I get:
Failed to load https://test.freetaxii.com:8000/taxii/: Response to preflight request
doesn't pass access control check: No 'Access-Control-Allow-Origin'
header is present on the requested resource. Origin 'http://localhost:8000'
is therefore not allowed access. The response had HTTP status code 405.
If an opaque response serves your needs, set the request's mode to 'no-cors'
to fetch the resource with CORS disabled.
I've tried many different headers and modes for my requests and also
browser (Chrome) settings on my part but to no avail. I just cannot get pass this.
Do you have any advice on how to overcome this?
Ringo
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
|
I'm testing things now with the following simple html file in Chrome 61 on MacOs:
From my understanding of some of the comments on the net, the server has to be set to Access-Control-Allow-Origin. |
From your example it looks like you are setting the Content-type to be application/vnd.oasis.taxii+json. But that is what the server would send you. You need to set the "Accept" header. For example, see the following curl commands.
curl -H "Accept:application/vnd.oasis.taxii+json;" https://test.freetaxii.com:8000/taxii/ <https://test.freetaxii.com:8000/taxii/>
curl -H "Accept:application/vnd.oasis.taxii+json;" https://test.freetaxii.com:8000/api1/ <https://test.freetaxii.com:8000/api1/>
curl -H "Accept:application/vnd.oasis.taxii+json;" https://test.freetaxii.com:8000/api1/collections/ <https://test.freetaxii.com:8000/api1/collections/>
On Sep 14, 2017, at 17:51, workingDog ***@***.***> wrote:
I'm testing things now with the following simple html file in Chrome 61 on MacOs:
<title>TAXII2</title>
Chrome-->View-->Developer-->Developer Tools
<script> function loadTaxii() { var xhttp = new XMLHttpRequest(); xhttp.onreadystatechange = function() { if (this.readyState == 4 && this.status == 200) { document.getElementById("demo").innerHTML = this.responseText; } }; xhttp.open("GET", "https://test.freetaxii.com:8000/taxii/", true); xhttp.setRequestHeader('Accept', 'application/vnd.oasis.taxii+json'); xhttp.setRequestHeader('Content-type', 'application/vnd.oasis.taxii+json'); xhttp.send(); }; loadTaxii(); </script>
From my understanding of some of the comments on the net, the server has to be set to Access-Control-Allow-Origin.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub <#1 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AJk2GArqEX1DvLunk1dhStrGSU2Vv3cTks5sibvmgaJpZM4PXNi9>.
Thanks,
Bret
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|
thanks for your reply. I removed the Content-type and tried a few other things, but no success yet. |
I've just dropped the html file in Safari, and it seems to be working. This problem of cross origin appear to be a Chrome problem. |
It looks like I need to add some code like this for CORS. https://stackoverflow.com/questions/12830095/setting-http-headers I will look in to adding this in the next update. |
Hi Bret, I'm writing a browser app for creating and sending STIX 2.1 objects to a TAXII-2.0 server at: However I cannot get pass the "Access-Control-Allow-Origin" bug. Is there any other ways to get around this while you work on a server side solution? |
Will you have time to work on this live? I can make changes to the server and you can let me know if it works for you? We can chat via slack or skype, if either of those work for you. |
Hi Bret, I've found a way around the 'Access-Control-Allow-Origin' problem. I've put a small html file: testfreetaxii.html at : https://github.com/workingDog/cyberstation If you drop this file on your browser it will show the problem. I've signed up to the Slack thing, it maybe a day or two before I |
Hi Bret,
thanks for sharing this work on a TAXII 2.0 server and especially the test server.
I'm starting a TAXII 2.0 javascript client library at: https://github.com/workingDog/taxii2lib
I'm having some problems when trying to connect to your test server. I get:
Failed to load https://test.freetaxii.com:8000/taxii/: Response to preflight request
doesn't pass access control check: No 'Access-Control-Allow-Origin'
header is present on the requested resource. Origin 'http://localhost:8000'
is therefore not allowed access. The response had HTTP status code 405.
If an opaque response serves your needs, set the request's mode to 'no-cors'
to fetch the resource with CORS disabled.
I've tried many different headers and modes for my requests and also
browser (Chrome) settings on my part but to no avail. I just cannot get pass this.
Do you have any advice on how to overcome this?
Ringo
The text was updated successfully, but these errors were encountered: