There are 3 ways to allow cross domain origin (excluding jsonp): Set the header in the page directly using a templating language like PHP. Keep in mind there can be no HTML before your header or it will fail. Modify the server configuration file (apache.conf) and add this line. Note that “*” represents allow all. … Read more
Amazon recently announced CORS support We’re delighted to announce support for Cross-Origin Resource Sharing (CORS) in Amazon S3. You can now easily build web applications that use JavaScript and HTML5 to interact with resources in Amazon S3, enabling you to implement HTML5 drag and drop uploads to Amazon S3, show upload progress, or update content. … Read more
The default behavior of web browsers that initiate requests from a page via JavaScript (AKA AJAX) is that they follow the same-origin policy. This means that requests can only be made via AJAX to the same domain (or sub domain). Requests to an entirely different domain will fail. This restriction exists because requests made at … Read more
If you want to disable the same-origin policy on Safari (I have 9.1.1), then you only need to enable the developer menu, and select “Disable Cross-Origin Restrictions” from the develop menu.
The important thing to note here is that if the user is signed in to a site http://example.com/ and the request http://example.com/delete?id=1 deletes a post by the user, then the following code will delete the user’s post: <script src=”http://example.com/delete?id=1″ /> This is called a CSRF/XSRF attack (cross-site request forgery). This is why most server-side web … Read more
UPDATE 6/2012: This used to work at the time of the writing, but obviously no more. Sorry. In Firefox (might apply to other Gecko-based browsers as well) you can use the following JavaScript snippet to allow cross-domain calls: if (navigator.userAgent.indexOf(“Firefox”) != -1) { try { netscape.security.PrivilegeManager.enablePrivilege(“UniversalBrowserRead”); } catch (e) { alert(“Permission UniversalBrowserRead denied — not … Read more
As David Dorward mentioned, JSON-P is the simplest and fastest; however, there is another trick, specifically using two iframes. Two get around this issue without using JSONP, you can do the following. This technique assumes that you have some sort of development access to the parent page. There are three pages on two domains/sites. Parent … Read more
This error message… Uncaught DOMException: Blocked a frame with origin “http://localhost:8080” from accessing a cross-origin frame. …implies that the WebDriver instance blocked from accessing a cross-origin frame. Same-origin policy Same-origin policy : Same-origin policy restricts how a document or script loaded from one origin can interact with a resource from another origin. It is a … Read more
Looking at the issues for this shows that the whole –allow-file-access-from-files thing was rushed. “Firefox does it..” “How can we do it?” some time passes “Here are the patches” “Passes! On trunk wonder what happens in the next dev release” “Ahhh it’s broken” “Use the command line option” “ok” “We shipped!” “WTF guys? You broke … Read more
There’s a Firefox extension that adds the CORS headers to any HTTP response working on the latest Firefox (build 36.0.1) released March 5, 2015. I tested it and it’s working on both Windows 7 and Mavericks. I’ll guide you throught the steps to get it working. 1) Getting the extension You can either download the … Read more