Announcement

Collapse
No announcement yet.

CORS (cross site scripting) and Miva?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    CORS (cross site scripting) and Miva?

    I am attempting to set up some CORS ( http://enable-cors.org/index.html ) but it seems mivascript is not responding correctly. A near identical php files does however.

    Anyone have CORS working? or any suggestions?

    My mivascript code:
    Code:
    <MvAssign name="l.ok" value="{ miva_output_header('Content-Type:', 'text/html') }">
    <MvAssign name="l.ok" value="{ miva_output_header('Access-Control-Allow-Origin:', '*') }">
    <MvAssign name="l.ok" value="{ miva_output_header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS') }">
    <MvAssign name="l.ok" value="{ miva_output_header('Access-Control-Max-Age', '86400') }">
    <html><head>
    </head>
    <body>
    TEST CONTENT
    </body>
    </html>
    and the PHP:
    Code:
    <?php
    // Date in the past
    header("Access-Control-Allow-Origin: *");
    header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
    header("Access-Control-Max-Age: 86400");
    header("Content-Type: text/html");
    ?>
    <html><head>
    </head>
    <body>
      TEST CONTENT PHP.
    </body>
    </html>
    William Gilligan - Orange Marmalade, Inc.
    www.OrangeMarmaladeinc.com

    #2
    Re: CORS (cross site scripting) and Miva?

    Hi,

    Other than the fact that, you have a typo in this line,

    Code:
    <MvAssign name="l.ok" value="{ miva_output_header('Access-Control-Allow-Origin:', '*') }">
    as, it might be,

    Code:
    <MvAssign name="l.ok" value="{ miva_output_header('Access-Control-Allow-Origin', '*') }">
    The code is working fine for me.
    Rajnish Sinha
    ---------------------
    https://twitter.com/rajnishsi

    Comment


      #3
      Re: CORS (cross site scripting) and Miva?

      Originally posted by rajnishsi View Post
      Hi,

      Other than the fact that, you have a typo in this line,

      Code:
      <MvAssign name="l.ok" value="{ miva_output_header('Access-Control-Allow-Origin:', '*') }">
      as, it might be,

      Code:
      <MvAssign name="l.ok" value="{ miva_output_header('Access-Control-Allow-Origin', '*') }">
      The code is working fine for me.
      thanks!
      That was it... wow - seemed like hours of hair pulling all for one little :
      William Gilligan - Orange Marmalade, Inc.
      www.OrangeMarmaladeinc.com

      Comment


        #4
        Re: CORS (cross site scripting) and Miva?

        Hey all, just trying this technique to get an ajax call through, but the console still reports:

        No 'Access-Control-Allow-Origin' header is present. Using:

        Code:
        <mvt:assign name="l.null" value="miva_output_header('Access-Control-Allow-Origin', 'http://this.domain.com')" />
        
        <script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
        <script>
        $( document ).ready(function() {
        	$.ajax({
        		url:'http://someurls.somewhere/here.html',
        		cache: 'false'		
        		});   
        });
        </script>
        Bruce Golub
        Phosphor Media - "Your Success is our Business"

        Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
        phosphormedia.com

        Comment


          #5
          Re: CORS (cross site scripting) and Miva?

          CORS headers need to be present on server, in your case, http://someurls.somewhere/here.html. You don't/can't specify them on the client.

          If you need to control it at your domain, you can use jsonp instead as long as server supports it.
          Rajnish Sinha
          ---------------------
          https://twitter.com/rajnishsi

          Comment


            #6
            Re: CORS (cross site scripting) and Miva?

            Originally posted by rajnishsi View Post
            CORS headers need to be present on server, in your case, http://someurls.somewhere/here.html.
            Hey Bruce,
            Rajnishi is correct. The other server must first allow it. (in my case the server was already set up - google identity)
            Then you pass parameters so its knows who you are.

            Here is some info I used to help me work thru it:
            http://www.bennadel.com/blog/2327-cr...nd-node-js.htm

            Bill
            William Gilligan - Orange Marmalade, Inc.
            www.OrangeMarmaladeinc.com

            Comment


              #7
              Re: CORS (cross site scripting) and Miva?

              Thanks, I assumed it was but obviously, I was mistaken. Will check it out. THANKS!
              Bruce Golub
              Phosphor Media - "Your Success is our Business"

              Improve Your Customer Service | Get MORE Customers | Edit CSS/Javascript/HTML Easily | Make Your Site Faster | Get Indexed by Google | Free Modules | Follow Us on Facebook
              phosphormedia.com

              Comment

              Working...
              X