SOme of my clients from the UK are not able to see a module of mine which use the Twitter api.
WHen ilogin remotely and check the errors , i get the following.
XMLHttpRequest cannot load http://api.getmytweets.co.uk/?screenname=philipbeel&limit=5&undefined=undefined. Origin http://plugins.theodin.co.uk is not allowed by Access-Control-Allow-Origin.
Accoring to another related question on stackoverflow i can resolve this by adding a HTTP response header to allow Access-Control-Allow-Origin.
HOW can i do this???
I found a workaround to this. Infact a solution. The new twitter API 1.1 uses a Oauth plugin. So there is a PHP code which i got from https://github.com/abraham/twitteroauth and entered the keys i got by registering an application on twitter and then i used the json generated by the php and formatted it using jquery using another javascript...
This is the solution i got from http://www.webdevdoor.com/php/authenticating-twitter-feed-timeline-oauth/
Thanks a lot TOM
Related
Good afternoon. I log in to one site using my username/ password
I pulled an unofficial API from the site. Registration on a direct request to him with the transfer of JSON was successful
But further use of the API requires the Authorization key -
see screenshot
How do I get it and use it for API requests? I tried to get cookies, but nothing changes with them
I just started learning request and stopped right there, sorry if the question is stupid and I'm wasting your time
Reading the documentation is a powerful tool that programmer must leverage you can see in Requests documentation they already gave you the example
r = requests.get('https://api.github.com/user', auth=('user', 'pass'))
r.status_code
>>> 200
r.headers['content-type']
>>> application/json; charset=utf8
We have an existing site that is built and deployed in Adobe CQ5.5.
Now we are planning to migrate it to AEM 6. We have successfully installed the instance and deployed the site.
But when we try making any changes like adding a new component it does not allow the operation. It says something "Your request could not be completed because you have signed out"
See: http://docs.adobe.com/docs/en/dispatcher/security-checklist.html#par_title
AEM 6.1 has cross-site request forgery security features that requires you to do a bit of work to allow the /bin/wcmcommand request to authenticate from the dispatcher.
To see what I mean, open up your dev tools and go to the Network tab. When you try the action, you should see a wcmcommand request:
I bet you are getting a status code of 401 or 403.
Follow the instructions I started this post with to fix this.
Good luck!
#bfosterscripps provided this link which was helpful.
https://docs.adobe.com/docs/en/dispatcher/security-checklist.html#par_title
Just to follow-up. I faced this issue, and for us it was caused by a misconfiguration of the distpatcher. Adding a rule for "CSRF-Token" made the difference. You may also need to check that /libs/granite/csrf/token.json is not blocked.
/authorfarm {
# client headers which should be passed through to the render instances
# (feature supported since dispatcher build 2.6.3.5222)
/clientheaders {
....
"CSRF-Token"
}
I am trying to call a php website through API, which gives the below Error 403.
Kindly check my code below. If anyone has a solution kindly help me.
I guess your request is true, but the website detects that an application tries to get to website and blocks the request to stop scrapping website.
If you want to pass the server filter, I think you should check a request to this website from a browser and then add the browser headers to your request so the server assume it as a browser and will accept it.
For example,I hava a pnacl myapp.pexe , And my website is www.A.com. and myapp.pexe and www.A.com are on the same server. However, the website www.B.com need to access the myapp.pexe. And i got a error, Native Client: access to manifest url was denied.
Using CORS can slove this problem? If using CORS can slove this problem, how to do ?
This answer is not Native Client specific. Accessing Native Client resources from another origin uses the standard CORS mechanism.
To answer your question, though:
This can be done by setting up the correct CORS response headers on the A.com server. There are many online resources that can describe how to do this: take a look at http://www.html5rocks.com/en/tutorials/cors/ for example.
For the simplest case, the solution is to return one additional header in the GET response for myapp.pexe and myapp.nmf:
Access-Control-Allow-Origin: http://A.com
There are more headers that are required for other request method types, content types, sending credentials, etc.
I use Uber's API to create a WordPress plugin so people can order taxis to your physical location.
I'm looking at integrating the Price Estimates using the endpoint here - https://developer.uber.com/v1/endpoints/#price-estimates - I've a solution but having a bit of problem implementing it.
I'm getting an error on testing which in Google Chrome Developer Tools which states "Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers."
I suspect it's due to the fact that the testing server is insecure, as the app Origin ID and Redirect ID begins with https:// (as I'm unable to add http://).
Will I be able to access the price estimates over http at all? I'm using the server_token way of authentication as feel it's probably the best way to do it.
Any help would be gratefully received :)
The Uber API only, and will only ever, support HTTPS.