About Heretic86

  • Rank

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. I am close to giving up on this since I feel like no one has even looked at the code... I just don't get why I can't send the cookie even though I am sending what I think is all the proper credentials with the request...

         const loadLocalXMLCookie = async function(data = { action : 'getDisplayName' } ) {
           let url = 'jsondata.php';
           const response = await fetch(url, {
             method: 'POST',
             mode: 'cors',
             cache: 'no-cache',
             credentials: 'same-origin',
             headers: { 'Content-Type': 'application/json' },
             redirect: 'follow',
             referrerPolicy: 'same-origin',
             bo
  2. I saw the same thing, but it is not. It's hosted on a web server. Granted it is a Localhost server, but it still uses an IP, hell, it even has to route through my VPN IP to get back to itself. I have even gone so far as to set up another Domain Name (hosts file) and make my requests that way so the Iframe part of the page is coming from a different domain and it still doesn't work. I just don't have any idea where I am doing it wrong!
  3. Should be same as above: Console (Firefox): Access to fetch at 'https://www.webucate.me/cors_csp/jsondata.php' from origin 'null' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header has a value 'https://www.webucate.me' that is not equal to the supplied origin. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. iframe.php:59 POST https://www.webucate.me/cors_csp/jsondata.php ne
  4. That is the intent. It's Iframed so the content can be posted on other websites. Iframe also allows Sandboxing the code, which if it comes from another domain, should be restricted access to the rest of the window and document content. And vice versa. Iframe keeps it as just a Container to prevent malicious code from compromising other sites too. It should prevent popups, accessing the rest of the document element, keystrokes when not focused, etc. The cookie is needed for connecting to the User's account to "like" or "share" or whatever. So yes. I know I set something up very wrong.
  5. Request Headers:

         OPTIONS /cors_csp/jsondata.php HTTP/1.1
         Host: www.webucate.me
         User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0
         Accept: */*
         Accept-Language: en-US,en;q=0.5
         Accept-Encoding: gzip, deflate, br
         Access-Control-Request-Method: POST
         Access-Control-Request-Headers: content-type
         Origin: null
         DNT: 1
         Connection: keep-alive
         Pragma: no-cache
         Cache-Control: no-cache

     Response Headers:

         HTTP/1.1 200 OK
         Date: Wed, 07 Apr 2021 08:44:44 GMT
         Server: Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.4.11
         X-Powered-By: PHP/7.4.11
         Access-Control-Allow-Cred
  6. It appears that MySQL does not play well with numbered indexes. So... moving on... If one field had an array of objects, such as a list of songs or something, how would we extract all names from one result? For example, the database result for just "pets" could be something like this string: [{"id" : "1", "name": "fido", "age":"5"}, {"id" : "2", "name": "rover", "age":"3"},{"id" : "3", "name": "woofie", "age":"1"}] Then from that list, get just the Name property from each member of the array? Admittedly, this may not be the best approach, it's just me learning more about what
  7. Well, according to the link to the following article, the "withCredentials" flag (XMLHttpRequest, credentials: 'include' in fetch()), you CAN have a cookie set with HTTPONLY and STILL send that cookie without allowing script access. It is an Exception to the HTTPONLY cookie can not be read by scripts rule. https://medium.com/@_graphx/if-httponly-you-could-still-csrf-of-cors-you-can-5d7ee2c7443 So it isn't the HTTPONLY flag that is causing my issue. I am just not familiar enough with CORS setups. Anyway, as far as I can tell, it looks like there is an "Origin" header that is
  8. What I would like to do is to have a User Forum that allows Users to upload their own Javascript files that will run on other Users' computers. I am aware of how dangerous that is. It can be done IF done properly. The User scripts are intended to be run ONLY inside a Sandboxed Iframe with very restrictive CORS policies in place. I have already done this. CORS and Sandboxing allows preventing all XMLHttpRequests / Fetch requests to external sites so there is much less chance of a User's computer being compromised or trying to download malicious packages. I take that back. There i
  9. Hello all, this is my introduction on this forum. Hopefully I can get some questions answered and answer a few that I have answers to. So, first question, what subforum would be best suited for a CORS related question? I know to not post that question here as this is an Introduction forum.
  10. Hi! I want to have an Indexed Array with Indices I define. In PHP I can do it like this: $my_array = [1=> "foo", 3=> "bar", 11 => "baz"]; I've tried this but MySQL JSON field type does not like it... [ 1 : {"name" : "Foo"}, 3 : {"name" : "bar"}] The variations I have tried end up making the Index an Object Property not an Array Index. How do I set the Index in a JSON Field Type in a MySQL database?