
Is there any way to reduce the scope to only specific domain requests?

Open rdheepan opened this issue 9 years ago • 10 comments

Say there are two applications which provide me the REST APIs.

  1. application1.example.com
  2. application2.example.com

They are deployed on two different servers.

Out of those two, only application2.example.com is configured with xdomain and application1.example.com does not have any xdomain configurations. Currently the issue is, if I include xdomain.js in index.html, it affects all the XHR requests, due to which the CORS request to application1.example.com is not working.

Is there any way that I could use xdomain.js only for the requests which are made to application2.example.com?

rdheepan avatar Feb 09 '16 16:02 rdheepan

This should work if you only add application2.example.com as the slave, not *.example.com

jpillora avatar Feb 09 '16 21:02 jpillora

I hope I have the exact configuration as you mentioned above. My index.html has the following code block:

<script src="app/vendor/xdomain/xdomain.min.js"></script>
<script>
    xdomain.slaves({
        "https://application1.example.com": "/xdomain/Proxy.html"
    });
</script>

But with this configuration, all my calls to https://application2.example.com and http://localhost:8080 are failing with a message like the following one:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at
http://localhost:8080/rest/myapi. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at
http://localhost:8080/rest/myapi. (Reason: CORS request failed).

But both https://application2.example.com and localhost send the Access-Control-Allow-Origin header in their responses.

rdheepan avatar Feb 10 '16 08:02 rdheepan

Do those errors go away when you comment out XDomain?


jpillora avatar Feb 10 '16 08:02 jpillora

Yes. Without XDomain, localhost and other domain requests are working properly.

rdheepan avatar Feb 10 '16 08:02 rdheepan

Interesting, could you host it somewhere and send me a link? Or create a redacted public version which reproduces it?


jpillora avatar Feb 10 '16 08:02 jpillora

I'm afraid that I could host it in public. But I will try to make a redacted public version. BTW, I can see that a preflight OPTION request is sent for all localhost REST calls (which are failing with 404). But without XDomain, preflight requests were not sent. [I don't know whether this information is really helpful for you to identify the issue :)]

rdheepan avatar Feb 10 '16 09:02 rdheepan

Ah yes, now I remember, I have seen this bug before and I couldn't figure out why... Enabling XHook caused the OPTIONS requests not to be sent for some reason. Don't worry about the demo, I think I've got my own demo of this bug somewhere. I just need to find the time to debug it again...


jpillora avatar Feb 10 '16 09:02 jpillora

Created XHook issue here https://github.com/jpillora/xhook/issues/43

jpillora avatar Feb 13 '16 06:02 jpillora

What if I want to make the resources on the slave accessible to an anonymous master? For example

Is this valid?

ragabo avatar Oct 18 '18 12:10 ragabo

Valid, but insecure. It's similar to adding CORS header "access-control-allow-origin: *"


jpillora avatar Oct 18 '18 13:10 jpillora
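
As an added illustration of why an any-origin master entry is comparable to `access-control-allow-origin: *` (this is not code from xdomain or from anyone in this thread), the sketch below audits an origin-to-path allowlist before it is deployed. The glob matching rule (`*` becomes `.*`, anchored at both ends), the function names and the three sample maps are assumptions constructed for the example.

```javascript
// Added example, not xdomain's own code. Assumption: an origin pattern is
// matched by escaping regex metacharacters, turning "*" into ".*" and
// anchoring the result with ^ and $.
function patternToRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*") + "$");
}

// True if any allowlist entry admits the given origin.
function originAllowed(masters, origin) {
  return Object.keys(masters).some((p) => patternToRegExp(p).test(origin));
}

// Report entries that admit origins or paths broader than one named site.
function auditMasters(masters) {
  const findings = [];
  for (const [origin, path] of Object.entries(masters)) {
    if (origin === "*") {
      findings.push({ origin, issue: "any-origin" });
    } else if (origin.includes("*")) {
      findings.push({ origin, issue: "wildcard-origin" });
    }
    if (origin.startsWith("http://")) {
      findings.push({ origin, issue: "cleartext-origin" });
    }
    if (path === "*") {
      findings.push({ origin, issue: "any-path" });
    }
  }
  return findings;
}

// Constructed sample allowlists (hypothetical values).
const OPEN = { "*": "*" };
const BROAD = { "https://*.example.com": "/rest/*" };
const STRICT = { "https://application2.example.com": "/rest/*" };

for (const [name, map] of Object.entries({ OPEN, BROAD, STRICT })) {
  console.log(name, auditMasters(map).map((f) => f.issue));
}
```
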