Click here to Skip to main content
15,389,797 members
Home / Discussions / JavaScript
   

JavaScript

 
GeneralRe: Cannot figure out what code lines does mean ... Pin
Member 150126178-Apr-21 22:49
MemberMember 150126178-Apr-21 22:49 
QuestionRedirect with (Page Visibility API) Pin
ab smine19-Mar-21 10:38
Memberab smine19-Mar-21 10:38 
QuestionNode-Schedule Module Can't Cron Job Scheduled Long Time Pin
Barış KAHRAMAN19-Mar-21 10:02
MemberBarış KAHRAMAN19-Mar-21 10:02 
QuestionCalculation in javascript Pin
Krasimir Dermendzhiev16-Mar-21 3:31
MemberKrasimir Dermendzhiev16-Mar-21 3:31 
AnswerRe: Calculation in javascript Pin
Richard Deeming16-Mar-21 4:39
mveRichard Deeming16-Mar-21 4:39 
GeneralRe: Calculation in javascript Pin
Krasimir Dermendzhiev16-Mar-21 21:36
MemberKrasimir Dermendzhiev16-Mar-21 21:36 
GeneralRe: Calculation in javascript Pin
Krasimir Dermendzhiev30-Mar-21 4:22
MemberKrasimir Dermendzhiev30-Mar-21 4:22 
QuestionJavascript CSP and CORS problem? How can I send Cookies with AJAX in CORS? Pin
Member 1510027614-Mar-21 21:50
MemberMember 1510027614-Mar-21 21:50 
Hi all, first post here...

I am playing with Content Security Policies and some other stuff trying to figure out how to add a bit if security for users. Ive created about a dozen pages, all nicely and neatly working together so far. All garbage test stuff, but its not working as I have hoped.

One of the functions I need to work is to use AJAX to load data from a PHP script including a cookie with an HttpOnly flag set, so Javascript cant read it.

Trouble is that no matter what I try short of turning off ALL security (which aint gonna happen), I can not get my AJAX call to not violate Cross Origin Request Policy. What is throwing me off is that I dont believe it should be Cross Origin at all! I know one way to do it is to process the "Origin" header when sending the request but its never actually sent! Typically it is not, except for when "withCredentials" flag is also set, which it is. If thats what I gotta do, fine, but I cant get it to work. Better solution is make sure it is NOT treated as Cross Origin, and I believe that would also resolve it. Both my solutions are evading me!

The script is in "iframe.php"

So here is my test page on my test server:
https://www.webucate.me/cors_csp/

Full source is here:
https://www.webucate.me/cors_csp/ajax.php

This is where it fails on me. This AJAX call wont send the cookie. I am not sure if this is where I need to fix it however...

JavaScript
const loadLocalXMLCookie = function(){
  // This isnt working, I get a CORS Violation
  let url = "jsondata.php";
  var xhttp = new XMLHttpRequest();
  // Third Argument of "true" allows XLMHttpRequest2 which allows sending Cookies via AJAX
  xhttp.open("GET", url, true);
  // withCredentials should send Cookies via the request, and should not be needed on SameSite
  xhttp.withCredentials = true;       
  xhttp.onreadystatechange = function() {
    console.log(this);
    if (this.readyState == 4 && this.status == 200){
      outputElement.innerHTML = this.responseText;
    } 
  };
  xhttp.onerror = function(){ outputElement.innerHTML = "XML Cookie Error " + url; };
  xhttp.send();       
}


What can I do so that this XMLHttpRequest object is not treating the request as Cross Origin, thus, use PHP to read and set the cookie? If I have to use Cross Origin, what am I missing in my setup?
AnswerRe: Javascript CSP and CORS problem? How can I send Cookies with AJAX in CORS? Pin
Richard Deeming14-Mar-21 22:39
mveRichard Deeming14-Mar-21 22:39 
GeneralRe: Javascript CSP and CORS problem? How can I send Cookies with AJAX in CORS? Pin
Member 1510027614-Mar-21 23:11
MemberMember 1510027614-Mar-21 23:11 
GeneralRe: Javascript CSP and CORS problem? How can I send Cookies with AJAX in CORS? Pin
Richard Deeming14-Mar-21 23:29
mveRichard Deeming14-Mar-21 23:29 
GeneralRe: Javascript CSP and CORS problem? How can I send Cookies with AJAX in CORS? Pin
Member 1510027615-Mar-21 7:56
MemberMember 1510027615-Mar-21 7:56 
GeneralRe: Javascript CSP and CORS problem? How can I send Cookies with AJAX in CORS? Pin
Richard Deeming15-Mar-21 22:31
mveRichard Deeming15-Mar-21 22:31 
GeneralRe: Javascript CSP and CORS problem? How can I send Cookies with AJAX in CORS? Pin
Member 1510027616-Mar-21 6:49
MemberMember 1510027616-Mar-21 6:49 
Questionif statement not working Pin
chizzy4211-Mar-21 7:53
Memberchizzy4211-Mar-21 7:53 
AnswerRe: if statement not working Pin
NotTodayYo11-Mar-21 8:24
MemberNotTodayYo11-Mar-21 8:24 
AnswerRe: if statement not working Pin
W Balboos, GHB11-Mar-21 8:45
mveW Balboos, GHB11-Mar-21 8:45 
GeneralRe: if statement not working Pin
chizzy4213-Mar-21 4:03
Memberchizzy4213-Mar-21 4:03 
GeneralRe: if statement not working Pin
Member 1510027615-Mar-21 8:15
MemberMember 1510027615-Mar-21 8:15 
GeneralRe: if statement not working Pin
chizzy4217-Mar-21 2:28
Memberchizzy4217-Mar-21 2:28 
QuestionBeginner 5 Project idea Pin
Member 1373246628-Feb-21 14:29
MemberMember 1373246628-Feb-21 14:29 
AnswerRe: Beginner 5 Project idea Pin
Richard MacCutchan28-Feb-21 21:37
mveRichard MacCutchan28-Feb-21 21:37 
AnswerRe: Beginner 5 Project idea Pin
Scott Butchers19-Mar-21 3:26
MemberScott Butchers19-Mar-21 3:26 
QuestionHow to navigate to next search term in angular with up and down arrow buttons? Pin
shruti devurkar18-Feb-21 5:54
Membershruti devurkar18-Feb-21 5:54 
SuggestionRe: How to navigate to next search term in angular with up and down arrow buttons? Pin
CHill6018-Feb-21 5:55
mveCHill6018-Feb-21 5:55 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.