Same Site Origin Error—htaccess Solution Not Working?

Alles, was den Apache betrifft, kann hier besprochen werden.

Same Site Origin Error—htaccess Solution Not Working?

Postby VikR » 31. July 2015 09:30

I am trying to include an iframe that will bring in a page from an external site, including letting the javascript of the external site run. Currently the iframe correctly displays the external site's HTML, but browsers block the external site's javascript per the Same Site Origin policy, with browser console error messages such as:

Uncaught SecurityError: Blocked a frame with origin "http://www.cnn.com" from accessing a frame with origin "http://market-research-services.com". The frame requesting access set "document.domain" to "cnn.com", but the frame being accessed did not. Both must set "document.domain" to the same value to allow access.

I have looked at many posts on this subject, e.g.

- How to circumvent same-origin policy for a 3rd party https site? http://stackoverflow.com/questions/7680776/how-to-circumvent-same-origin-policy-for-a-3rd-party-https-site
- Cross-Origin Resource Sharing http://www.w3.org/TR/cors/

My understanding at this time based on these posts is that I should be able to correct this via the following .htaccess code:

Code: Select all
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "*"
Header set Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
Header set Access-Control-Allow-Credentials true


But I must be missing something, because it isn't working yet. :)

I have set up a tiny test case at this URL, using CNN.com in the iframe for example purposes:

http://market-research-services.com/Temporary/same_site_origin_anomaly.html

The .htaccess file in that "Temporary" folder contains the following:

Code: Select all
<IfModule mod_rewrite.c>
    RewriteEngine on
    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Headers "*"
    Header set Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
    Header set Access-Control-Allow-Credentials true
</IfModule>

However, I am still getting the Uncaught SecurityError message in the browser console.

How can I correct the .htaccess file to allow javascript to run inside the iframe?

Thanks very much in advance to all for any info!
VikR
 
Posts: 2
Joined: 31. July 2015 09:23
Operating System: Mac OSX 10.10.4

Re: Same Site Origin Error—htaccess Solution Not Working?

Postby Nobbie » 31. July 2015 09:53

Your .htaccess is kind of strange, because modyfing the Header does not require mod_rewrite and even no "RewriteEngine". Concerning to the docu, you need mod_headers instead. Maybe you did not load mod_rewrite (in that case, the if-construct failed). Simply remove the if-construct and also the "RewriteEngine On."

If mod_headers is not installed, you will probably get an Server Error 500 (so simply try it).

And keep in mind, that the Server configuration at least must allow, that you can modify Headers via .htaccess. This is controlled by the "AllowOverride" Clause in httpd.conf (mostly in the <Directory....> Section for DocumentRoot). Ask your provider if in doubt.
Nobbie
 
Posts: 8761
Joined: 09. March 2008 13:04

Re: Same Site Origin Error—htaccess Solution Not Working?

Postby VikR » 01. August 2015 19:06

Thanks very much, Nobbie. Greatly appreciated!
VikR
 
Posts: 2
Joined: 31. July 2015 09:23
Operating System: Mac OSX 10.10.4

Re: Same Site Origin Error—htaccess Solution Not Working?

Postby KingRider » 20. January 2016 13:45

Hello,

I try XMLHttpRequest not working a load.

XMLHttpRequest cannot load http://www.codebeaulieu.com/helloworld. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.


Why? im confused a config .htaccess X httpd.conf

Help!
KingRider
 
Posts: 2
Joined: 20. January 2016 13:24
Operating System: Window 7 SP1

Re: Same Site Origin Error—htaccess Solution Not Working?

Postby Nobbie » 20. January 2016 19:51

KingRider wrote:
XMLHttpRequest cannot load http://www.codebeaulieu.com/helloworld. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.


Why?


What "why"?? You have an error message ("XMLHttpRequest cannot load http://www.codebeaulieu.com/helloworld.) and a full explanation for that error ("No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.").

So what is your question??
Nobbie
 
Posts: 8761
Joined: 09. March 2008 13:04

Re: Same Site Origin Error—htaccess Solution Not Working?

Postby KingRider » 21. January 2016 11:11

So a config xampp not work to XMLHttpRequest, my friend a server unix apache is work, but xampp not! Other WAMP Server is work, more other.

nvm! thanks xampp a self uninstall
KingRider
 
Posts: 2
Joined: 20. January 2016 13:24
Operating System: Window 7 SP1

Re: Same Site Origin Error—htaccess Solution Not Working?

Postby Nobbie » 21. January 2016 11:38

KingRider wrote:So a config xampp not work to XMLHttpRequest, my friend a server unix apache is work, but xampp not! Other WAMP Server is work, more other.


It is not a question of Wamp or Xampp, it is a question of YOUR(!) configuration.

KingRider wrote:thanks xampp a self uninstall


You may delete everything you want, if it helps you. Its not my PC.
Nobbie
 
Posts: 8761
Joined: 09. March 2008 13:04


Return to Apache

Who is online

Users browsing this forum: No registered users and 5 guests