I'm getting this error on my live site (hosted on GoDaddy) when I'm trying to make a http get call to an API.
The 'Access-Control-Allow-Origin' header has a value 'http://localhost' that is not equal to the supplied origin.
Why does it think the header has a localhost value when I'm not even running this on my local server? The weird thing is that it happens on and off (sometimes it's able to call the API and get the data without the error, other times, it's not and gives that error.
Related
I'm creating a website using Vue.js, and a web service using C# MVC, hosted in IIS 10 (Windows Server 2019)
There are 3 nodes that I have created, which are:
api.myweb.local - for API endpoints
myweb.local - web to be accessed from local network
myweb.com (reverse proxy) - web to be accessed from public network. Actually it's just the same with the local network version, only limited menu and env configs. In order to reach the API server in local network, it's set up as a reverse proxy
Problem occurs when I tried to post form containing bytes array to myweb.com.
It returns 404 Error: "The specified URL cannot be found".
But it works when I posted from myweb.local
If I remove the bytes array parameters, then it works as intended.
I checked the log files, but no information about this 404 error was logged.
Any idea what I should do?
Thanks
Sending requests work from my server with my server IP. But now i added a custom domain name and when i try sending get requests to that domain name its keeps on showing an error "Error: getaddrinfo ENOTFOUND www.mydomain.com". Firefox returns a json response when i hit my route, but its not working in postman. I even saw some articles and switched off ssl verfication in postman settings and it's still not working. Can any one help fix this issue.
I have a project, It's a web application that requires Windows Authentication.
I've setup an Active Directory at home using my NAS virtualization. Then I've created a VMWare Server for IIS which is a member of that domain on my desktop which I also use for development. I've created the Web API and installed it into that VMWare server. When I call a routine directly, it works and return results but when I use the Web API routine from my javascript web application I keep on getting 401 error. I then put the code on the IIS server and the web application works.
I've seen a lot of solutions like changing the sequence of the Provider in IIS Authentication. Added Everyone read/write permission on the folders. I've also added entry on the web.config. But none of them work.
*****Update as per request on the comment *****
Below is when I run directly from Web API
Calling the Web API from Javascript
Here's the error I'm getting
Just FYI, I tried running the web api from Visual Studio on the same machine but also with 401 error
Is there anything I could add to AD to make my development machine as trusted?
********************A new issue after the code change **********
****************Another Update******
This is definitely weird, so I installed Fiddler 4 to see what's going on. But still no luck.
Then I made changes on the IIS HTTP Response Header
The weird thing is when I run Fiddler the error is gone but when I close it it comes back.
There are two things going on here:
A 401 response is a normal first step to Windows Authentication. The client is then expected to resend the request with credentials. AJAX requests don't do this automatically unless you tell it to.
To tell it to send credentials in a cross-domain request (more on that later), you need to set the withCredentials option when you make the request in JavaScript.
With jQuery, that looks like this:
$.ajax({
url: url,
xhrFields: {
withCredentials: true
}
}).then(callback);
These problems pop up when the URL in the address bar of the browser is different than the URL of the API you are trying to connect to in the JavaScript. Browsers are very picky about when this is allowed. These are called "cross-domain requests", or "Cross-Origin Resource Sharing" (CORS).
It looks at the protocol, domain name and port. So if the website is http://localhost:8000, and it's making an AJAX request to http://localhost:8001, that is still considered a cross-domain request.
When a cross-domain AJAX request is made, the browser first sends an OPTIONS request to the URL, which contains the URL of the website that's making the request (e.g. http://localhost:8000). The API is expected to return a response with an Access-Control-Allow-Origin header that says whether the website making the request is allowed to.
If you are not planning on sending credentials, then the Access-Control-Allow-Origin header can be *, meaning that the API allows anyone to call it.
However, if you need to send credentials, like you do, you cannot use *. The Access-Control-Allow-Origin header must specifically contain the domain (and port) of your webpage, and the Access-Control-Allow-Credentials must be set to true. For example:
Access-Control-Allow-Origin: http://localhost:8000
Access-Control-Allow-Credentials: true
It's a bit of a pain in the butt, yes. But it's necessary for security.
You can read more about CORS here: Cross-Origin Resource Sharing (CORS)
I need to call an external web api which runs on the same server as my application, but don't get permission to do so. When I run the application locally, it works fine. But when I deploy it, error 502 on every remote request.
I searched to the suggested questions when I made this question.
Is it possible to have the same issue as him: Steam API Access-Control-Allow-Origin Issue
Because there was no way around this problem. We hosted everything on the same server, so there couldn't occur an Access control allow origin error.
I am an intern in an interactive media company, my employers have many websites they host for small businesses. When any of the websites URL's is accessed on the web it works great, altough when you place "/test" behind the url and enter it comes up with the 500.19 internal server error, stating the configuration file path is invalid. While it should just be giving the 404 error.
We did not create the /test site. We also have URL rewrite installed and functioning but we really need to know what is causing this error. As I said it needs to give a 404 error and than perhaps we can have it rewrite this URL.
If anyone has any idea what is going on here please help. Searching the web has yielded zero results. Below I will paste the full error report.
Error Summary
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
Detailed Error Information
Module IIS Web Core
Notification BeginRequest
Handler Not yet determined
Error Code 0x80070003
Config Error Cannot read configuration file
Config File \\?\D:\Sites\vhosts\***********.com\httpdocs\test\web.config
Requested URL http://***.*************.com:80/test
Physical Path D:\Sites\vhosts\************.com\httpdocs\test
Logon Method Not yet determined
Logon User Not yet determined
Config Source
-1:
0: