CORS with Delphi MVC Framework - http

I'm testing TMS WEB Core 2 and DMVC 3.2.2 (latest) on Delphi 11.2 by me test machine locally.
I've created a simple DMVC server with all default's setup through the wizard nothing fancy except added the CORS option.
I've created a TMS Web core project with all default's setup as well with a WebHttpRequest and WebMemo components.
I ran the DMVC server and can get the result beautify on the browser.
I ran the TMS Web core project to send a request to the server using
WebHttpRequest which is like this:
WebHttpRequest1.URL := 'http://localhost:8080/api/test';
WebHttpRequest1.Execute(
procedure(AResponse: string; AReq: TJSXMLHttpRequest)
begin
WebMemo1.Lines.Add(AResponse);
end
);
However I got this error:
ERROR
HTTP request error #http://localhost:8080/api/test | fMessage::HTTP request error #http://localhost:8080/api/test fHelpContext::0
at http://localhost:8000/Project1/Project1.js [263:50]
and the browser developer console shows:
Access to XMLHttpRequest at 'localhost:8080/api/test' from origin 'localhost:8000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header has a value 'localhost:8080' that is not equal to the supplied origin.
I want to send a request from the client to the server and get the respond in the WebMemo..
I've checked online to find that it's a backend-end problem, and some say its related to CORS, So How can I enable the CORS on server side using DMVC?

Your configuration prevents the client from connecting.
Both the server name and the port must match the CORS rule. To fix this, change the CORS header to a matching value.
This could be
Access-Control-Allow-Origin: http://localhost
or
Access-Control-Allow-Origin: http://localhost:8000
Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

Related

Migration a jmeter project from v3 to v5 : issue with soap request

i have a working project with jmeter 3.1 using soap request sampler :
Project Jmeter with version 3.1
Http header manager congig
i tried to figure out the same project with jmeter version 5 using http request like this :
Project jmeter version5
but i receive always those 2 error :
Error received
can you help on this please ?
I don't know what is in your HTTP Header Manager, but the system under test complains that you're not providing correct Content-Type header which must be text/xml
I believe if you add this header at least this issue will go away.
Going forward you can just record your test from JMeter 3.x in JMeter 5.x and it will generate relevant HTTP Request samplers and HTTP Header Managers.
More information: Testing REST\SOAP Web services

Sec-Fetch-Mode, Sec-Fetch-Dest, Sec-Fetch-Site in request header creating CORS issue

On the backend endpoint that I am requesting from my website using axios, most of the browsers do not have "sec-fetch-mode" and "sec-fetch-site" set on the request headers and they seem to work fine.
However, few browsers set the headers sec-fetch-mode:cors, sec-fetch-dest: empty and sec-fetch-site:same-site, and in that case the connection is closed and the browser console shows the following error.
Access to XMLHttpRequest at 'https://site-url.xyz/endpoint1' from origin
'https://xxx.site-url.xyz' has been blocked by CORS policy: No
'Access-Control-Allow-Origin' header is present on the requested resource.
The backend has the following config:
response.headers.add('Access-Control-Allow-Origin', "*")
response.headers.add('Access-Control-Allow-Headers', 'Content-Type, Authorization')
response.headers.add('Access-Control-Allow-Methods', 'GET,PUT,POST,OPTIONS')
response.headers.add('Strict-Transport-Security', 'max-age=31536000; includeSubDomains')
Is there a way to control these headers from code, either from front-end or from backend?
So the issue was with Nginx configuration on the backend. It could only accept max file size of 1MB by default. So some people were able to upload docs and some were not. It's weird that I was seeing CORS issue on console.

Symfony 4 api Restful No 'Access-Control-Allow-Origin' header is present on the requested resource, only for one resource

I am using Symfony 4 as Restful API, I was working perfectly with calling the api from a VueJS application.
Today, I needed to add an another resource on the api but when I want to call it to get data from Vuejs I get "No 'Access-Control-Allow-Origin' header is present on the requested resource".
Only for this entity, for the others it's working.
Your problem is related to CORS:
Cross-Origin Resource Sharing (CORS) is a mechanism that uses
additional HTTP headers to tell a browser to let a web application
running at one origin (domain) have permission to access selected
resources from a server at a different origin. A web application makes
a cross-origin HTTP request when it requests a resource that has a
different origin (domain, protocol, and port) than its own origin.
One of the possible solutions can be installing NelmioCorsBundle. This will bring CORS handling directly to your application.
Another solution can be adding this header in your web server (How do I add Access-Control-Allow-Origin in NGINX?).

Vue-Request not sending Authorization Header

I'm using VueJS with vue-request for http requests. I'm trying to subscribe an user to a Mailchimp list but Mailchimp uses BasicAuth, so I'm doing as such:
scope.$http.post('https://us15.api.mailchimp.com/3.0/lists/listid/members',
{...mydata...}, {headers: {Authorization: 'Basic myencodedAPIkey'}})
But I get an error from the API: 401 Unauthorized - Your request did not include an API key.
So I check the Network log on Chrome and the Authorization is on my headers like this: **Access-Control-Request-Headers: authorization** but it should be like **Authorization: myencodedAPIkey**
On the Console the error appears as:
XMLHttpRequest cannot load
https://us15.api.mailchimp.com/3.0/lists/listid/members. Response
to preflight request doesn't pass access control check: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://127.0.0.1:8000' is therefore not allowed
access. The response had HTTP status code 401.
When I use Postman it works just fine as the header is correctly sent.
This problem seems to have been solved here with setting the header on every request
https://laracasts.com/discuss/channels/vue/how-to-solve-the-allow-control-allow-cross-in-the-vuejs-header-request-setting?page=2
and here through setting it once
Vue-Request not sending Authorization Header
You are getting CORS error, when you are trying to request from one host to another, and the 'another' part does not allow it to happen. To prevent this error you can use webpack proxy configuration, so this way you do not have cross origin request, but I don't know how you will deal with this in production environment if your api does not allow cross origin requests.
In a project I'm working on, our devServer configuration is as follow
proxy: {
'/api': {
target: 'http://localhost:8080/'
}
},
with this, any request happening on /api/any/url will be redirect to localhost:8080/api/any/url

Setup error codes on IIS 6.0

I want the IIS server to return HTTP 304 (Not Modified) when a particular file is accessed.
How can I set this up?
Check the "Enable Content Expiration" box on the HTTP Headers tab in IIS Manager:
IIS 6.0 F1: Web Site Properties - HTTP Headers Tab
AFAIK, it isn't possible to do this (in IIS). There are a few criteria that have to be met for this code to be sent out:
Client must have cached copy of page.
The request's If-Modified-Since HTTP Header Time/date stamp must match what's on the server.
If both of those conditions are true, the server will return a HTTP 304 status code.

Resources