Im trying to run a website with socket.io Vue-Socket.io and want to enable DDOS protection from cloudflare. As I know cloudflare supports websocket-servers such as socket.io.
After I enabled cloudflare successfully and changed the ports of my socket-connection, the google dev console tells me:
Failed to load http://my-domain.com:2083/socket.io/?EIO=3&transport=polling&t=M9uD7PJ: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://my-domain.com.com' is therefore not allowed access. The response had HTTP status code 400.
Someone can tell me what I have to change?
PS: Im working with the vuejs-cli
This is a CORS issue.
In your socket.io server, add the configuration to enable CORS: server.origin().
In your case:
io.set('origins', 'http://my-domain.com:2083');
Again this is a server-side issue, it is just being reflected in Vue. But there's nothing Vue (or the client-side) can do about it.
I played around with some of the examples of #acdcjunior and found a solution finally.
On my server I implemented:
io.set('origins', 'http://my-domain.com:*');
For the clients I connect to the socket server:
export const SocketInstance = socketio('my-domain.com:2082');
don't ask me why, but I tried and tried around for about 7 Hours.. love programming :)
Related
StackOverflow Community,
I have a problem that someone may have solved before, but I find it truly confounding.I'm running a flutter web server on a vm in Azure with
flutter run --release -d web-server --web-port 8081
After getting CORS error attempting to hit Maps or Places API, I elected to run another instance of NGROK with the --host-header=rewrite flag, as I have done for other APIs to avoid this CORS error. This works fine with all of the other APIs we are hitting.
However, when serving this app, I still get a very similar CORS error, identifying items hidden:
Access to XMLHttpRequest at 'https://hidden1.ngrok.io/maps/api/place/autocomplete/json?input=s&key=hidden&sessiontoken=hidden' from origin 'https://hidden2.ngrok.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.Hidden1 is my maps API redirect and Hidden2 is my app's dev redirect.
Am I still getting this error because I somehow need to serve place autocomplete, in this case, from the same subdomain as the app's subdomain?? I'm confused, because this is not a constraint of any other APIs I remember using in the past.
I still get a 200 response with this CORS error, but chrome refuses to do anything with it unless I use a CORS-enabling extension.
If I do need to redirect Places and the app's Web Server through the same URL, are there any recommendations for doing this?
Thanks in advance for your time and thoughts..
I set everything well and some https request did be proxied well, but some are still unknown , is there any new way I don't known to prevent being proxied ?
I found that the https connections checked the cert on apps their own. Which means you can't just add the cert to your device's system and hope it works.
There are more works should be done to capture these data by using proxy.
More detailed things are you have to hack the app to capture. For those information just google "JustTrustMe".
My company uses PAC file to restrict any outgoing traffic through proxy server. The problem is, a lot of software does not provide the option to 'use IE setting', so that they cannot be connected to the internet.
I checked this PAC file up and found the right proxy server. But after I tried to use the proxy setting for these IE-unfriendly software, they still cannot get online. I used chrome to capture some packages and found the http header containing some Negotiation data. So I assume this proxy server uses some auto login mechanism like NTLM or kerberos.
But after I downloaded the famous Proxifier and tried to reroute the net traffic for some software, NTLM method did not work. I get the 502 error. Bummer...
Any hero comes to help! Am I thinking in the wrong way? Merci beacoup!
This is not a programming question but, did you try
cntlm (http://cntlm.sourceforge.net/) or
ntlmaps (http://ntlmaps.sourceforge.net/)?
Hope this helps
I created a simple vanilla ToDo from azure mobile template to test the service but don't seem to work correctly. I can connect to https://phonegapwil.azure-mobile.net from localhost with mobile services but not after I published site, http://phonegapwil.azurewebsites.net/
error message I get:
XMLHttpRequest cannot load https://phonegapwil.azure-mobile.net/tables/todoitem?$filter=(complete%20eq%20false). No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://phonegapwil.azurewebsites.net' is therefore not allowed access. The response had HTTP status code 400.
I also tried "*" for the CORS but no go.
Any ideas? Thanks
Thanks for your reply #phillipv. I used "*" but still didn't work. I used .net as my mobile service back-end and that was the problem. Seems like they have a bug. I recreated this using node back-end and worked without an issue.
come on Microsoft
I saw a nuget fix here
cors not working with azure mobile service .net backend
I am trying to enable BOSH connection over Openfire so that i can create a XMPP client over a web. curretly i am testing it with the strophe.js.
the problem is when i try to fire following url in a browser i am getting
http://www.mydomain.com:7070/http-bind
following error
HTTP ERROR 400
Problem accessing /http-bind/. Reason:
Bad Request
Powered by Jetty://
here is my server setting , i saw few threads but they arent helpful
update
i have made a connection using strophe but i am getting following error in browser trance
its now working in my system.
i think your error encountered may actually be a configuration issue with the openfire.
It is designed to reply with HTTP 400 Bad Request if there is no element in the request. You can test this yourself by providing a element in your query.
Try the following URL in your browser:
http://www.servername:7070/http-bind/?<body rid="1"/>
In your update Strophe is sending OPTIONS HTTP requests which means that it is negotiating cross domain communication. Requests are painted red which means that this is failing for some reason. Probably misconfiguration.
There is a nice article about that here: http://metajack.im/2010/01/19/crossdomain-ajax-for-xmpp-http-binding-made-easy/
Otherwise, when Strophe does its regular BOSH communication it uses POST method.
Your setup is correct. The page the browser displays to you is also normal. Openfires BOSH component is not designed to work in a Browser with HTTP GET, only with BOSH clients like strophe. Try to connect with strophe.
You should use proxy to repost the request to the openfire server . Because, the js post cannot support cross domain.
Notes:
1.I use jsjac , but I think it's not important .
2.If you sure your config is right , please restart you openfire server . It's my experience .
If server is properly configured it should display
HTTP ERROR: 404
Problem accessing /http-bind/. Reason:
Not Found
Powered by Jetty://
The Bad Request was gone when I uninstall and reinstall Openfire as in
here.
Below works for me, i am pinging the openfire server after some interval so, clients remains alive...
i just append "/?<body rid='1'" with the server name and i don't have 400 bad request error.
XMPPconnection.sendIQ($iq({ to: XMPPserver+"/?<body rid='1'/>", from: CurrentUserJID, type: "get" }).c('ping', { xmlns: "urn:xmpp:ping" }));