I seem to be hitting a lot of walls due to the safety precautions taken by browsers to avoid XSS attacks.
Basically I have some exposed api on Heroku, ie: myapi.herokuapp.com/get/stories
but when trying to make such requests from a plain Client.html
file on my Desktop, say via XMLHttpRequest
or WebSocket
, I get NS_ERROR_DOM_BAD_URI
or variants thereof.
Am I trying to do something nonsensical?
Nope, it's not nonsensical. You should be able to access it just fine if you have the API and client configured for such requests. For reference, here are some of my (working) settings, with my API hosted on Heroku and accessible from localhost
API (backend)
server.connection {
port: process.env.PORT
routes:
cors:
origin: ['*']
credentials: true
additionalHeaders: ['X-Requested-With']
}
Angular (frontend)
angular.module('app.core').config ($locationProvider, $stateProvider, $urlRouterProvider, $httpProvider, $cookiesProvider) ->
$locationProvider.html5Mode true
## Configure CORS
$httpProvider.defaults.useXDomain = true
$httpProvider.defaults.withCredentials = true
delete $httpProvider.defaults.headers.common["X-Requested-With"]
$httpProvider.defaults.headers.common["Accept"] = "application/json"
$httpProvider.defaults.headers.common["Content-Type"] = "application/json"
# $httpProvider.defaults.headers.common["X-Requested-With"] = "XMLHttpRequest"
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.