JavaScript

 
Answer: Re: Calculation in javascript
Richard Deeming (16-Mar-21 5:39)

General: Re: Calculation in javascript
Krasimir Dermendzhiev (16-Mar-21 22:36)

General: Re: Calculation in javascript
Krasimir Dermendzhiev (30-Mar-21 5:22)

Question: Javascript CSP and CORS problem? How can I send Cookies with AJAX in CORS?
Member 15100276 (14-Mar-21 22:50)

Answer: Re: Javascript CSP and CORS problem? How can I send Cookies with AJAX in CORS?
Richard Deeming (14-Mar-21 23:39)

General: Re: Javascript CSP and CORS problem? How can I send Cookies with AJAX in CORS?
Member 15100276 (15-Mar-21 0:11)

General: Re: Javascript CSP and CORS problem? How can I send Cookies with AJAX in CORS?
Richard Deeming (15-Mar-21 0:29)

General: Re: Javascript CSP and CORS problem? How can I send Cookies with AJAX in CORS?
Member 15100276 (15-Mar-21 8:56)

Agreed, I do not believe it should be a CORS request... with one exception to that thought... But yes, different browsers and computers. I even tried accessing it with a Super Nintendo from WAY back in the day and that turned out exactly as you'd expect! I went so far as to try VM Kubuntu also running Firefox and same thing.

So this is probably affecting it, but the iframe is in Sandbox mode, with scripts allowed, so I think it's *possible* I may need to use CORS anyway due to the IFrame being Sandboxed. CSP appears to work perfectly as expected.

I am trying something from an inverse approach. Put it on "full lockdown", then open up for things that are needed. And I can't quite figure out how to "open it back up" without completely unlocking it.

My concept is to do something "super" stupid as far as security pros will say. Users get to upload their own scripts to interact with a Canvas Object that other users can view and interact with. Everything else needs to be in full on lockdown mode. So I know I am asking for things that conflict. Most things work so far. Browsers shouldn't have access to Http Only cookies, this particular IFrame should. This is the only thing I want to work differently that doesn't work. CSP did a great job of only allowing open data connections to scripts and sources specified in the CSP headers from PHP / Apache.

Perhaps a safer idea would be to figure out how to make this a CORS request and do that properly?

---

Edit:

Yay! I have a NEW error! It is different than the OLD error so the fact that I have a NEW error is wonderful news to me!

Firefox Error: (Ambiguous) Error: TypeError: NetworkError when attempting to fetch resource.

Chrome Error: POST https://www.webucate.me/cors_csp/jsondata.php net::ERR_BLOCKED_BY_RESPONSE
fetchData @ iframe.php:76

So now it is between my fetch call and probably PHP headers:

```javascript
const fetchData = async function(data = {}) {
  const url = 'https://www.webucate.me:443/cors_csp/jsondata.php';
  try {
    const response = await fetch(url, {
      method: 'POST',
      mode: 'no-cors',
      cache: 'no-cache',
      credentials: 'include',
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      redirect: 'follow',
      referrerPolicy: 'same-origin',
      body: JSON.stringify(data)
    });
    // Parse the body once and return it; any failure is reported by the catch below.
    const result = await response.json();
    console.log('Success:', result);
    return result;
  } catch (error) {
    console.warn('Error:', error);
    return;
  }
}
```

```php
<?php
header("Content-Type: application/json; charset=utf-8");
header('Access-Control-Allow-Credentials: true', false);
//header('Access-Control-Allow-Headers: Content-Type, Accept, Authorization, Origin, CrossDomain', false);
header('Access-Control-Allow-Methods: POST', false);
//header('Access-Control-Allow-Origin: https://www.webucate.me', false);
header('X-Frame-Options: SAMEORIGIN');
//header('Access-Control-Max-Age: 1', false);
header('Cross-Origin-Resource-Policy: same-origin', false);

$cookie = (isset($_COOKIE['TestCookie'])) ? $_COOKIE['TestCookie'] : 'No Cookies';
$time = time();
$msg = array("time" => $time, "cookie" => $cookie);

// Send the cookie before any body output. SameSite is only accepted through the
// options array (PHP 7.3+); the seventh positional argument is httponly.
setrawcookie('TestCookie', '123456', [
    'expires'  => time() + 86400,
    'path'     => '/',
    'domain'   => 'www.webucate.me',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'None',
]);

echo json_encode($msg);
?>
```


What is my next step?

modified 15-Mar-21 18:52pm.
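
An added example (not code from the post or from any reply): a simplified JavaScript model of how a browser decides whether script may read a fetch response, run against the response headers shown in the post above. It assumes the frame is sandboxed without `allow-same-origin` and is served from a hypothetical `https://www.webucate.me/cors_csp/iframe.php`; `requestOrigin` and `checkResponse` are illustrative names, and preflight and `same-site` resource policy are not modelled.

```javascript
// Added example: simplified model of browser response checks; preflight is not modelled.
// A sandboxed frame without allow-same-origin has an opaque origin, serialized as "null".
function requestOrigin(docUrl, { sandboxed = false, allowSameOrigin = false } = {}) {
  return sandboxed && !allowSameOrigin ? 'null' : new URL(docUrl).origin;
}

// Returns whether script can read the response, with the reason.
function checkResponse({ origin, url, mode, credentials }, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v.trim();
  const sameOrigin = origin !== 'null' && origin === new URL(url).origin;
  const ok = (reason) => ({ readable: true, reason });
  const no = (reason) => ({ readable: false, reason });

  if (mode === 'no-cors') {
    // CORP is enforced on no-cors requests; an opaque origin is never same-origin.
    if (h['cross-origin-resource-policy'] === 'same-origin' && !sameOrigin) {
      return no('blocked by Cross-Origin-Resource-Policy');
    }
    return sameOrigin ? ok('same-origin') : no('opaque response');
  }
  if (sameOrigin) return ok('same-origin');

  // CORS check on the response headers.
  const acao = h['access-control-allow-origin'];
  const withCreds = credentials === 'include';
  if (acao === undefined) return no('missing Access-Control-Allow-Origin');
  if (acao === '*') return withCreds ? no('wildcard not allowed with credentials') : ok('cors');
  if (acao !== origin) return no('Access-Control-Allow-Origin does not match ' + origin);
  if (withCreds && h['access-control-allow-credentials'] !== 'true') {
    return no('Access-Control-Allow-Credentials is not true');
  }
  return ok('cors');
}

// Constructed scenario: URL and response headers from the post; the frame URL is assumed.
const url = 'https://www.webucate.me:443/cors_csp/jsondata.php';
const posted = {
  'Access-Control-Allow-Credentials': 'true',
  'Access-Control-Allow-Methods': 'POST',
  'Cross-Origin-Resource-Policy': 'same-origin',
};
const framed = requestOrigin('https://www.webucate.me/cors_csp/iframe.php', { sandboxed: true });
const req = (mode) => ({ origin: framed, url, mode, credentials: 'include' });

console.log(checkResponse(req('no-cors'), posted)); // as posted
console.log(checkResponse(req('cors'), posted));    // mode switched to cors, same headers
```

A response carrying `Access-Control-Allow-Origin: null` would pass this check for the sandboxed frame, but every other opaque-origin document sends the same `Origin: null`, so that value does not identify the caller.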

General: Re: Javascript CSP and CORS problem? How can I send Cookies with AJAX in CORS?
Richard Deeming (15-Mar-21 23:31)

General: Re: Javascript CSP and CORS problem? How can I send Cookies with AJAX in CORS?
Member 15100276 (16-Mar-21 7:49)

Question: if statement not working
chizzy42 (11-Mar-21 8:53)

Answer: Re: if statement not working
NotTodayYo (11-Mar-21 9:24)

Answer: Re: if statement not working
W Balboos, GHB (11-Mar-21 9:45)

General: Re: if statement not working
chizzy42 (13-Mar-21 5:03)

General: Re: if statement not working
Member 15100276 (15-Mar-21 9:15)

General: Re: if statement not working
chizzy42 (17-Mar-21 3:28)

Question: Beginner 5 Project idea
Member 13732466 (28-Feb-21 15:29)

Answer: Re: Beginner 5 Project idea
Richard MacCutchan (28-Feb-21 22:37)

Answer: Re: Beginner 5 Project idea
Scott Butchers (19-Mar-21 4:26)

Question: How to navigate to next search term in angular with up and down arrow buttons?
shruti devurkar (18-Feb-21 6:54)

Suggestion: Re: How to navigate to next search term in angular with up and down arrow buttons?
CHill60 (18-Feb-21 6:55)

Question: Trying to read a value that is coming from html() function from Table Cell Id
simpledeveloper (17-Feb-21 20:42)

Answer: Re: Trying to read a value that is coming from html() function from Table Cell Id
Richard MacCutchan (17-Feb-21 22:38)

General: Re: Trying to read a value that is coming from html() function from Table Cell Id
simpledeveloper (17-Feb-21 22:59)

General: Re: Trying to read a value that is coming from html() function from Table Cell Id
Richard MacCutchan (17-Feb-21 23:45)
