Getting CORS Error on website

FiloSottile / Heartbleed

A checker (site and tool) for CVE-2014-0160

http://filippo.io/Heartbleed

MIT License

2.31k stars 463 forks source link

Getting CORS Error on website #24

Open saluce65 opened 10 years ago

saluce65 commented 10 years ago

I attempted to run against us.battle.net and encountered this in my Chrome console log:

XMLHttpRequest cannot load http://bleed-1161785939.us-east-1.elb.amazonaws.com/bleed/us.battle.net. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://filippo.io' is therefore not allowed access.

I get the same issue under IE11 also.

saluce65 commented 10 years ago

It might be a firewall issue on my work computer, because it works fine from my Android phone. One thing, though...the docs state that a code of 0 means safe and 1 means vulnerable, but the website response from the amazonaws.com has those numbers reversed (1 means safe, 0 means vulnerable), as evidenced by http://bleed-1161785939.us-east-1.elb.amazonaws.com/bleed/yahoo.com

FiloSottile commented 10 years ago

The command line tool has indeed a inverted convention :(

Couldn't change website too because of cached js around.

FiloSottile commented 10 years ago

CORS issue is probably your side