CORS issue when accessing server data from localhost - .htaccess

I want to access data on a remote server from a local computer via an http request. I am getting this error:
Cross-Origin Request Blocked ... Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘[ip address].
The local machine is an angular project running on localhost:4200, the remote data is accessed via a php script located on the web (eg. https://example.com/php )
My question is: what are the appropriate header settings on my request from localhost:4200 (the client/requesting computer) and in the mod_headers section of the .htaccess file on my server (apache).
On the client side I have tried the following, where 111.111.111.111 is the IP address of the client and example.com is the domain name of the server.
headers.append('Access-Control-Allow-Origin', 111.111.111.111);
headers.append('Access-Control-Allow-Origin', http://111.111.111.111);
headers.append('Access-Control-Allow-Origin', '*')
headers.append('Access-Control-Allow-Origin', 'example.com')
headers.append('Access-Control-Allow-Origin', 'http://example.com')
On the server side .htaccess file (located in the folder of php script I am trying to launch) I have tried the following, where the 111.111.111.111 is the ip address of the machine making the request.
Header always set Access-Control-Allow-Origin "111.111.111.111"
Header always set Access-Control-Allow-Origin "http://111.111.111.111"
Header always set Access-Control-Allow-Origin "*"
Recap:
Does Access-Control-Allow-Origin need to be set on the request header, if so to what? The client's ip address? The server's ip address?
Do any other headers need to be set on the request, for example Access-Control-Request-Method?
Can an ip address be used in the server's .htaccess file or must it be a domain name? Does it need to be pre-pended with http:// or https://?

Related

ExpressJS - Wrong domain name in request headers

I have multiple domains pointing to same server. when i'm try to print the host name using req.headers['theHost'] it shows the other domain name instead of one to which request is sent. Example if i request a.com then in the headers it is showing b.com(other domain pointing to same server).
In order to get the hostname of an incoming request you can use req.get('Host'); (Express v4 way to get headers from a request - header field is case insensitive).

Disable Serving from Default Cloudfront Hostname (ourdistid.cloudfront.net)

I've setup an alternate domain name for our Cloudfront distribution so we can serve from oursite.com. We'd like to disable ourdistid.cloudfront.net so our site is only accessible from one hostname. Is this possible?
Yes, you can do this, though perhaps not in the place where you might expect to.
By default, CloudFront sets the Host: header in the request sent to the origin server to have the value of the origin server hostname.
However, you can configure CloudFront to forward the original request's host header to the origin server, instead. It doesn't change how the request is routed, only the header that gets forwarded.
After that, it is a simple matter to configure your web server to return the response you want, when the request's Host: header matches the *.cloudfront.net host, which can include a generic error page with whatever code you seem most appropriate, such as 503 Service Unavailable, 404 Not Found, 403 Forbidden, or 410 Gone. You could even use 301 Moved Permanently. Whatever makes the most sense to you.
You can't literally disable the assigned endpoint, but you can prevent it from returning any of your content.
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html

Amazon Cloudfront can't connect after moving to new server

I just moved my Magento site from one server to another host/server. Everything works except for Cloudfront. The new server DOES have SSL, just like the last server did.
But now when I try to view anything from Cloudfront I get the error:
"CloudFront wasn't able to connect to the origin."
Is like the DNS cached at Amazon and taking them forever to update it? Is there something you need to do when moving a site to a new server to keep CloudFront working?
Making CloudFront work with SSL can be tricky, specifically when the hostname of the origin is different from the hostname of the CNAME.
For example, if your hostname is www.example.com, and the origin is www-example.us-west-2.elasticbeanstalk.com, the request from the cloudfront server will contain a Host header of the origin :
> GET /index.html HTTP/1.1
> Host: www-example.us-west.elasticbeanstalk.com
> User-Agent: CloudFront/2.3
> Accept: */*
The origin host needs to be able to handle authenticated SSL requests for www-example.us-west.elasticbeanstalk.com, but usually you set it up in such way that it can handle SSL requests for the original hostname, www.example.com. In which case you have two options :
Whitelist the Host header. This will cause CloudFront to send the same Host header ( Host: www.example.com ) to the origin, which should be able to handle it correctly :
Another option is to set your origin to be the same hostname with a different subdomain, for example set the origin as origin.example.com and set a CNAME between origin.example.com and www-example.us-west.elasticbeanstalk.com

How to make http request in nodejs to url which is not linked to DNS but registered in hosts file?

I am working on remote sandbox with ip 190.34.24.56 (not real ip, just for example)
Hosts file contains this string:
190.34.24.56 web.sandbox.com
I have access to url web.sandbox.com from browser, but when try to send http request I get an error: ENOTFOUND (domain name not found).
How to send http request from nodejs to url which not have dns record?
(I can't enter to sandbox using 190.34.24.56, because there is host-server works which determine incoming url and redirects request to other port, so I can use only web.sandbox.com)
I haven't actually tried this, but you could try passing in the domain header along with your request:
Host: yourhostname.com
See full list of HTTP headers: List of HTTP header fields

HTTPS load other website content

On my windows 2003 server I have two websites: 2send.co.il & oferavnir.co.il
For 2send.co.il I installed SSL.
When I adding Https to oferavnir.co.il (the site without the SSL) the other site content is displayed -
(https://oferavnir.co.il displays the content from 2send.co.il)
Host headers for both site seems to be ok.
What could it be?
By default, the SSL certificate is probably bound to all IP addresses on your server. If you have individual IPs for each site, you can update the binding to only listen on the IP for 2send.co.il. If you are using host headers and a single IP, the 2send.co.il site will respond for all https requests. You could use a product like ISAPI Rewrite to check the URL used for an HTTPS request and ensure that it matches 2send.co.il or else route it to the appropriate http site for the URL
http://forums.iis.net/t/1195794.aspx/1?HTTPS+displays+other+site+contnet

Resources