Solved

CORS and a local file

Posted on 2013-05-17
4
889 Views
Last Modified: 2013-05-22
I need to do some cross site scripting work with a local file for testing.  My application is just calling a javacript api on a different server. It is easier to work locally.  I change a setting on my browser (can't remember but can find it) to allow this.  I want to turn that back on so I don't get a crazy virus.  I heard about CORS.  How can I do this with a local file?
0
Comment
Question by:jackjohnson44
  • 2
4 Comments
 
LVL 75

Accepted Solution

by:
Michel Plungjan earned 500 total points
ID: 39178136
I personally wrote a simple proxy on my own server using CURL

Be aware that this exposes the service to anyone who can guess the URL of your proxy

<?php
/**
 *  An example CORS-compliant method.  It will allow any GET, POST, or OPTIONS requests from any
 *  origin.
 *
 *  In a production environment, you probably want to be more restrictive, but this gives you
 *  the general idea of what is involved.  For the nitty-gritty low-down, read:
 *
 *  - https://developer.mozilla.org/en/HTTP_access_control
 *  - http://www.w3.org/TR/cors/
 *
 */
function cors() {

    // Allow from any origin
    if (isset($_SERVER['HTTP_ORIGIN'])) {
        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
        header('Access-Control-Allow-Credentials: true');
        header('Access-Control-Max-Age: 86400');    // cache for 1 day
    }

    // Access-Control headers are received during OPTIONS requests
    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
            header("Access-Control-Allow-Methods: GET, POST, OPTIONS");         

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
            header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");

        exit(0);
    }
}
cors();
header("content-type: application/json");

$callback = $_GET["callback"];
$url = "...."; // site that needs accessing
$username="..."; // if password protected
$password="...";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERPWD, "$username:$password"); // may not be needed
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); // may not be needed
$output = curl_exec($ch);
$info = curl_getinfo($ch);
curl_close($ch);
echo $callback."(".$output.")"; 
?>

Open in new window

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 39181898
> ..  want to turn that back
which browser?
0
 

Author Comment

by:jackjohnson44
ID: 39182039
I was using internet explorer.  Is there any way to do this without using a server?
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 39182612
Perhaps if you allow *
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction Knockoutjs (Knockout) is a JavaScript framework (Model View ViewModel or MVVM framework).   The main ideology behind Knockout is to control from JavaScript how a page looks whilst creating an engaging user experience in the least …
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now