search

jpillora / xdomain

A pure JavaScript CORS alternative
https://jpillora.com/xdomain/
3.12k stars 270 forks source link

blocked request #25

Closed serafinomb closed 10 years ago

serafinomb commented 10 years ago

I think I've everything set up just right but I get this message:

xdomain (http://slave-url.com): blocked request from: 'http://master-url.com'

and on slave domain on load I get this:

xdomain (http://slave-url.com): slaves must be in an iframe

Have anyone any idea of what's causing the issue?

serafinomb commented 10 years ago

Solved by adding this:

Header add Access-Control-Allow-Origin "*" Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type" Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

In the Slave .htaccess.

jpillora commented 10 years ago

Blocked means you've misconfugured it somehow

You haven't actually fixed it, you're just using cors now. You can use cors if you like but you won't have easy IE support.

If you want to use XDomain, can you post your code? Script tags used?

On Saturday, December 14, 2013, blueowner wrote:

Solved by adding this:

Header add Access-Control-Allow-Origin "*" Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type" Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

In the Slave .htaccess.

— Reply to this email directly or view it on GitHubhttps://github.com/jpillora/xdomain/issues/25#issuecomment-30514243 .

serafinomb commented 10 years ago

I've noticed an iframe in the master-site and no errors a few ago.. Tried to remove the .htaccess lines and indeed it's working fine with no errors.

I've used the same code shown in the Quick Usage.

jpillora commented 10 years ago

Okay good to hear. Yup the quick usage code should do it.

On Saturday, December 14, 2013, blueowner wrote:

I've noticed an iframe in the master-site and no errors a few ago.. Tried to remove the .htaccess lines and indeed it's working fine with no errors.

I've used the same code shown in the Quick Usage.

— Reply to this email directly or view it on GitHubhttps://github.com/jpillora/xdomain/issues/25#issuecomment-30525959 .

pasupulaphani commented 9 years ago

I'm now facing this error. How did you solve this exactly?

pasupulaphani commented 9 years ago

This worked for me: proxy.html

<!doctype html>
<script src=" * path to script here * /xdomain.min.js" data-master="*"></script>

In index.html

<script src=" * path to script here * /xdomain.min.js"></script>
<script>
  xdomain.slaves({
    'http://www.example.co.uk': '/proxy.html'
  });
</script>
c0mrade commented 9 years ago

Solution to this is very misleading. And I mean both by @Blueowner and @pasupulaphani . Solution is to turn off the 'X-Frame-Options' header for the proxy.html

pasupulaphani commented 9 years ago

Thank you very much @c0mrade . I will try what u said and will edit my above comment.

jpmckearin commented 9 years ago

@c0mrade Can you elaborate on what you mean by "turn off" the X-Frame-Options header? Looking at the specs for X-Frame-Options state that the only options are DENY, SAMEORIGIN, and ALLOW-FROM uri. Could you follow up as well, @pasupulaphani

c0mrade commented 9 years ago

means remove it