
I'm being denied access because I'm sending a post through the same origin?

Acorn Eyes

The origin and the request I'm trying to load are the exact same.

 

I was able to post just fine, I had set a GET and POST request loop every 2.5s.

 

What could cause this issue?

Don't talk about stale memes.


Sending a request through the site works just fine and looks exactly like mine.

 

Sending a request through Insomnia works just fine as well.

Don't talk about stale memes.


Add the Access-Control-Allow-Origin Header with appropriate parameters to your webserver. That's XSS protection, you should look it up how it works.

 

Insomnia ignores XSS protection, that's why it works using it and not in your browser.


If you have access to the webserver, it could be worth adding in the 'Access-Control-Allow-Origin' header for your website.

 

If they're on two different subdomains e.g. an ajax request from a webpage on memes.dankness.website to internal.dankness.website then you need to add memes.dankness.website to the 'Access-Control-Allow-Origin' header sent by internal.dankness.website.

 

Apart from that if they're on the same domain it should work just fine tbh.

Speedtests

WiFi - 7ms, 22Mb down, 10Mb up

Ethernet - 6ms, 47.5Mb down, 9.7Mb up

 

Rigs

Spoiler

 Type            Desktop

 OS              Windows 10 Pro

 CPU             i5-4430S

 RAM             8GB CORSAIR XMS3 (2x4gb)

 Cooler          LC Power LC-CC-97 65W

 Motherboard     ASUS H81M-PLUS

 GPU             GeForce GTX 1060

 Storage         120GB Sandisk SSD (boot), 750GB Seagate 2.5" (storage), 500GB Seagate 2.5" SSHD (cache)

 

Spoiler

Type            Server

OS              Ubuntu 14.04 LTS

CPU             Core 2 Duo E6320

RAM             2GB Non-ECC

Motherboard     ASUS P5VD2-MX SE

Storage         RAID 1: 250GB WD Blue and Seagate Barracuda

Uses            Webserver, NAS, Mediaserver, Database Server

 

Quotes of Fame

On 8/27/2015 at 10:09 AM, Drixen said:

Linus is light years ahead a lot of other YouTubers, he isn't just an average YouTuber.. he's legitimately, legit.

On 10/11/2015 at 11:36 AM, Geralt said:

When something is worth doing, it's worth overdoing.

On 6/22/2016 at 10:05 AM, trag1c said:

It's completely blown out of proportion. Also if you're the least bit worried about data gathering then you should go live in a cave a 1000Km from the nearest establishment simply because every device and every entity gathers information these days. In the current era privacy is just fallacy and nothing more.

 


13 minutes ago, burnttoastnice said:

Apart from that if they're on the same domain it should work just fine tbh.

I'm pretty sure that Content-Types different from application/x-www-form-urlencoded, multipart/form-data and text/plain need an Access-Control-Allow-Origin value to be set on the webserver, because then it's not a simple request anymore. If no Access-Control-Allow-Origin value is set you can't use application/json.

 

Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

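The rules discussed in the posts above, as an added example that is not part of the thread: a simplified JavaScript model of how a browser classifies a request (same-origin, cross-origin simple, or cross-origin with preflight) and whether it lets the page's script read the response. The `https` scheme and the function names are assumptions; the hostnames are the ones used in the thread.

```javascript
// Added example: models the browser's CORS decision for one request.
// Hostnames come from the thread; the function names are hypothetical.
const SIMPLE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SIMPLE_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);
// Request headers a script may set without forcing a preflight.
const SAFELISTED = new Set(["accept", "accept-language", "content-language", "content-type"]);

function classifyRequest(pageUrl, targetUrl, { method = "GET", headers = {} } = {}) {
  // An origin is scheme + host + port; a different subdomain is a different origin.
  if (new URL(pageUrl).origin === new URL(targetUrl).origin) return "same-origin";
  if (!SIMPLE_METHODS.has(method.toUpperCase())) return "cross-origin-preflight";
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    if (!SAFELISTED.has(key)) return "cross-origin-preflight";
    if (key === "content-type") {
      const mime = value.split(";")[0].trim().toLowerCase();
      if (!SIMPLE_TYPES.has(mime)) return "cross-origin-preflight";
    }
  }
  return "cross-origin-simple";
}

// Would the browser let the page's script read this cross-origin response?
function responseReadable(pageUrl, responseHeaders, { credentials = false } = {}) {
  const origin = new URL(pageUrl).origin;
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;
  const acao = h["access-control-allow-origin"];
  if (acao === undefined) return false;
  if (credentials) {
    // With cookies/auth attached, "*" is not accepted: exact origin plus ACAC: true.
    return acao === origin && h["access-control-allow-credentials"] === "true";
  }
  return acao === "*" || acao === origin;
}
```

Tools such as Insomnia are not browsers and apply none of these checks, which is why the same request can succeed there and fail from a page script.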

7 minutes ago, Organized said:

I'm pretty sure that Content-Types different from application/x-www-form-urlencoded, multipart/form-data and text/plain need an Access-Control-Allow-Origin value to be set on the webserver, because then it's not a simple request anymore. If no Access-Control-Allow-Origin value is set you can't use application/json.

 

Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

I have no problems on my server making Ajax requests to a resource on the same domain, e.g. memes.dankness.website/index.html making a get request to memes.dankness.website/session.php. I haven't tried POST requests (done using Ajax) but I don't think those would require the ACAO header on the same domain.


4 hours ago, Organized said:

Add the Access-Control-Allow-Origin Header with appropriate parameters to your webserver. That's XSS protection, you should look it up how it works.

 

Insomnia ignores XSS protection, that's why it works using it and not in your browser.

I don't have access to the web server, and the web server has Access-Control-Allow-Origin set to *. At least that's what returned when I made a post request with Insomnia.

 

I'm launching a JavaScript program through the developer console opened on the site in case you're confused what I'm doing.

 

Besides, it worked just fine before. All of a sudden it stopped and started giving me this error.

Don't talk about stale memes.
