In the specs it says: Whenever the toDataURL() method of a canvas element whose origin-clean flag is set to false is called, the method must raise a SECURITY_ERR exception. If the image is coming from another server I don’t think you can use toDataURL()
Yes, accessing parent page’s URL is not allowed if the iframe and the main page are not in the same (sub)domain. However, if you just need the URL of the main page (i.e. the browser URL), you can try this: var url = (window.location != window.parent.location) ? document.referrer : document.location.href; Note: window.parent.location is allowed; it … Read more
I do not know if the problem still exists, but I just ran into the same problem and solved it setting a session name before calling session_set_cookie_params(): $some_name = session_name(“some_name”); session_set_cookie_params(0, “https://stackoverflow.com/”, ‘.example.com’); session_start(); I have changed nothing in my php.ini but now everything is working fine.
It will/may be empty when the enduser entered the site URL in browser address bar itself. visited the site by a browser-maintained bookmark. visited the site as first page in the window/tab. clicked a link in an external application. switched from a https URL to a http URL. switched from a https URL to a … Read more
OPTIONS request are by no means an AngularJS bug, this is how Cross-Origin Resource Sharing standard mandates browsers to behave. Please refer to this document: https://developer.mozilla.org/en-US/docs/HTTP_access_control, where in the “Overview” section it says: The Cross-Origin Resource Sharing standard works by adding new HTTP headers that allow servers to describe the set of origins that are … Read more
Yes, it is absolutely possible to get the cookie from domain1.com by domain2.com. I had the same problem for a social plugin of my social network, and after a day of research I found the solution. First, on the server side you need to have the following headers: header(“Access-Control-Allow-Origin: http://origin.domain:port”); header(“Access-Control-Allow-Credentials: true”); header(“Access-Control-Allow-Methods: GET, POST”); … Read more
Access-Control-Allow-Origin Multiple Origin Domains?
I wrote an article on this issue a while back, Cross Domain AJAX. The easiest way to handle this if you have control of the responding server is to add a response header for: Access-Control-Allow-Origin: * This will allow cross-domain Ajax. In PHP, you’ll want to modify the response like so: <?php header(‘Access-Control-Allow-Origin: *’); ?> … Read more
Update: Before continuing everyone should read and understand the html5rocks tutorial on CORS. It is easy to understand and very clear. If you control the server being POSTed, simply leverage the “Cross-Origin Resource Sharing standard” by setting response headers on the server. This answer is discussed in other answers in this thread, but not very … Read more
jQuery Ajax Notes Due to browser security restrictions, most Ajax requests are subject to the same origin policy; the request can not successfully retrieve data from a different domain, subdomain, port, or protocol. Script and JSONP requests are not subject to the same origin policy restrictions. There are some ways to overcome the cross-domain barrier: … Read more