Solved

CORS and a local file

Posted on 2013-05-17
4
908 Views
Last Modified: 2013-05-22
I need to do some cross site scripting work with a local file for testing.  My application is just calling a javacript api on a different server. It is easier to work locally.  I change a setting on my browser (can't remember but can find it) to allow this.  I want to turn that back on so I don't get a crazy virus.  I heard about CORS.  How can I do this with a local file?
0
Comment
Question by:jackjohnson44
  • 2
4 Comments
 
LVL 75

Accepted Solution

by:
Michel Plungjan earned 500 total points
ID: 39178136
I personally wrote a simple proxy on my own server using CURL

Be aware that this exposes the service to anyone who can guess the URL of your proxy

<?php
/**
 *  An example CORS-compliant method.  It will allow any GET, POST, or OPTIONS requests from any
 *  origin.
 *
 *  In a production environment, you probably want to be more restrictive, but this gives you
 *  the general idea of what is involved.  For the nitty-gritty low-down, read:
 *
 *  - https://developer.mozilla.org/en/HTTP_access_control
 *  - http://www.w3.org/TR/cors/
 *
 */
function cors() {

    // Allow from any origin
    if (isset($_SERVER['HTTP_ORIGIN'])) {
        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
        header('Access-Control-Allow-Credentials: true');
        header('Access-Control-Max-Age: 86400');    // cache for 1 day
    }

    // Access-Control headers are received during OPTIONS requests
    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
            header("Access-Control-Allow-Methods: GET, POST, OPTIONS");         

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
            header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");

        exit(0);
    }
}
cors();
header("content-type: application/json");

$callback = $_GET["callback"];
$url = "...."; // site that needs accessing
$username="..."; // if password protected
$password="...";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERPWD, "$username:$password"); // may not be needed
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); // may not be needed
$output = curl_exec($ch);
$info = curl_getinfo($ch);
curl_close($ch);
echo $callback."(".$output.")"; 
?>

Open in new window

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 39181898
> ..  want to turn that back
which browser?
0
 

Author Comment

by:jackjohnson44
ID: 39182039
I was using internet explorer.  Is there any way to do this without using a server?
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 39182612
Perhaps if you allow *
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PROBLEM: The other day I was working on adding an ajax request to a webpage that already had a dialog box on the page.  The dialog box was using relative positioning to be positioned next to a form field I had on the page.  Everything was working…
JavaScript can be used in a browser to change parts of a webpage dynamically. It begins with the following pattern: If condition W is true, do thing X to target Y after event Z. Below are some tips and tricks to help you get started with JavaScript …
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question