Solved

CORS and a local file

Posted on 2013-05-17
4
861 Views
Last Modified: 2013-05-22
I need to do some cross site scripting work with a local file for testing.  My application is just calling a javacript api on a different server. It is easier to work locally.  I change a setting on my browser (can't remember but can find it) to allow this.  I want to turn that back on so I don't get a crazy virus.  I heard about CORS.  How can I do this with a local file?
0
Comment
Question by:jackjohnson44
  • 2
4 Comments
 
LVL 75

Accepted Solution

by:
Michel Plungjan earned 500 total points
ID: 39178136
I personally wrote a simple proxy on my own server using CURL

Be aware that this exposes the service to anyone who can guess the URL of your proxy

<?php
/**
 *  An example CORS-compliant method.  It will allow any GET, POST, or OPTIONS requests from any
 *  origin.
 *
 *  In a production environment, you probably want to be more restrictive, but this gives you
 *  the general idea of what is involved.  For the nitty-gritty low-down, read:
 *
 *  - https://developer.mozilla.org/en/HTTP_access_control
 *  - http://www.w3.org/TR/cors/
 *
 */
function cors() {

    // Allow from any origin
    if (isset($_SERVER['HTTP_ORIGIN'])) {
        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
        header('Access-Control-Allow-Credentials: true');
        header('Access-Control-Max-Age: 86400');    // cache for 1 day
    }

    // Access-Control headers are received during OPTIONS requests
    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
            header("Access-Control-Allow-Methods: GET, POST, OPTIONS");         

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
            header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");

        exit(0);
    }
}
cors();
header("content-type: application/json");

$callback = $_GET["callback"];
$url = "...."; // site that needs accessing
$username="..."; // if password protected
$password="...";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERPWD, "$username:$password"); // may not be needed
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); // may not be needed
$output = curl_exec($ch);
$info = curl_getinfo($ch);
curl_close($ch);
echo $callback."(".$output.")"; 
?>

Open in new window

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 39181898
> ..  want to turn that back
which browser?
0
 

Author Comment

by:jackjohnson44
ID: 39182039
I was using internet explorer.  Is there any way to do this without using a server?
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 39182612
Perhaps if you allow *
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Introduction Chart.js, used properly, can visually add a difference to your charting applications. It engages your visitors and allows them to interact with data they otherwise wouldn't be able to without expensive and complicated systems. For this…
This article demonstrates how to create a simple responsive confirmation dialog with Ok and Cancel buttons using HTML, CSS, jQuery and Promises
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now