Cross-Origin Request Blocked

Question

So I ve got this Go http handler that stores some POST content into the datastore and retrieves some other info in response  On the back-end I use   func handleMessageQueue w http ResponseWriter  r  http Request        w Header   Set  Access-Control-Allow-Origin            if r Method     POST             c    appengine NewContext r           body       ioutil ReadAll r Body           auth    string body             r Body Close           q    datastore NewQuery  Message   Order  -Date            var msg   Message         key  err    q GetAll c   amp msg           if err    nil               c Errorf  fetching msg   v   err              return                    w Header   Set  Content-Type    application json           jsonMsg  err    json Marshal msg          msgstr    string jsonMsg          fmt Fprint w  msgstr          return           In my firefox OS app I use   var message    content    request   new XMLHttpRequest    request open  POST    http   localhost 8080 msgs   true    request onload   function          if  request status  gt   200  amp  amp  request status  lt  400               Success          data   JSON parse request responseText           console log data         else              We reached our target server  but it returned an error         console log  server error              request onerror   function             There was a connection error of some sort     console log  connection error        request send message     The incoming part all works along and such  However  my response is getting blocked  Giving me the following message   Cross-Origin Request Blocked  The Same Origin Policy disallows reading the remote resource at http   localhost 8080 msgs  This can be fixed by moving the resource to the same domain or enabling CORS    I tried a lot of other things but there is no way I can just get a response from the server  However when I change my Go POST method into GET and access the page through the browser I get the data that I want so bad  I can t really decide which side goes wrong and why  it might be that Go shouldn t block these kinds of requests  but it also might be that my javascript is illegal

User · Accepted Answer

Egidius  when creating an XMLHttpRequest  you should use  var xhr   new XMLHttpRequest  mozSystem  true      What is mozSystem   mozSystem Boolean  Setting this flag to true allows making cross-site connections without requiring the server to opt-in using CORS  Requires setting mozAnon  true  i e  this can t be combined with sending cookies or other user credentials  This only works in privileged  reviewed  apps  it does not work on arbitrary webpages loaded in Firefox   Changes to your Manifest  On your manifest  do not forget to include this line on your permissions    permissions             systemXHR

User · Answer

You need other headers  not only access-control-allow-origin  If your request have the  Access-Control-Allow-Origin  header  you must copy it into the response headers  If doesn t  you must check the  Origin  header and copy it into the response  If your request doesn t have Access-Control-Allow-Origin not Origin headers  you must return       You can read the complete explanation here  http   www html5rocks com en tutorials cors  toc-adding-cors-support-to-the-server  and this is the function I m using to write cross domain headers   func writeCrossDomainHeaders w http ResponseWriter  req  http Request           Cross domain headers     if acrh  ok    req Header  Access-Control-Request-Headers    ok           w Header   Set  Access-Control-Allow-Headers   acrh 0             w Header   Set  Access-Control-Allow-Credentials    True       if acao  ok    req Header  Access-Control-Allow-Origin    ok           w Header   Set  Access-Control-Allow-Origin   acao 0         else           if    oko    req Header  Origin    oko               w Header   Set  Access-Control-Allow-Origin   req Header  Origin   0             else               w Header   Set  Access-Control-Allow-Origin                            w Header   Set  Access-Control-Allow-Methods    GET  POST  PUT  DELETE       w Header   Set  Connection    Close

User · Answer

You have to placed this code in application rb  config action dispatch default headers              Access-Control-Allow-Origin    gt                Access-Control-Request-Method    gt   w GET POST OPTIONS  join

[ajax] Cross-Origin Request Blocked

Examples related to ajax

Examples related to google-app-engine

Examples related to go

Examples related to cors

Examples related to firefox-os