I am having problems with this topic: Access-Control-Allow-Origin.
I read about it and I found that it is possible to get a response using PHP, here
But I don't know how to adapt that code to JavaScript, I still have the same problem.
I tried this in JavaScript:
var url = 'http://localhost:8080/com.webserver/rest/manage/order?parameter=parameter';
req = Ajax("getResponse.php/?" + url);
if (req.status == 200)
    alert("hi");
And in the PHP file:
<?php
echo file_get_contents($_GET['url']);
?>
And nothing happens. I tried with ajax, something like:
$.ajax({
    url: "http://localhost:8080/com.webserver/rest/manage/order?parameter=parameter",
    async: false,
    dataType: 'html',
    success: function (text) {
        alert(text);
    }
});
But always the same problem….
I read about a lot of people on the internet having the same problem, but no one gets a response. I just found 2 ways: using Chrome and one option, but that is just recommended for developers, and adding headers on the server, but I don't know where to add them. I am using Apache Tomcat (Catalina) for that localhost. I have 2 servers: the webpage (in XAMPP) and REST (in Tomcat).
Change
req=Ajax("getResponse.php/?" + url)
to
req=Ajax("getResponse.php/?url=" + url)
Bear in mind this is insecure: I could pass anything into the url parameter and your PHP scripts would use it, allowing people to read files from your local system as well as get your PHP script to download malicious files from elsewhere.
Edit:
The best way to secure it is to use an actions list. This means that the user never sees the URL and can only modify an action word. For example:
req=Ajax("getResponse.php/?do=getOrders")
then in PHP
Usually you'd want to do more than just translate an action to a URL; you may want to pass additional parameters. In this case you could use a switch or a bunch of ifs to check if $_GET['do'] is equal to something and then process it. But it would take hours to give an example of every possible implementation method, so you may want to use Google.
Please note: whilst this suggested method adds 100x more security to your script, it's not infallible, especially if you start passing through parameters from users too. Once again, use Google.
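An actions list of the kind this answer describes, as an added example that is not the answerer's code. The backend base URL is taken from the question; the `getOrder` action, its `id` parameter and the function name `resolve_action` are hypothetical.

```php
<?php
// getResponse.php (added example): the browser sends an action word, never a URL.

// Assumption: REST base URL as given in the question.
const BACKEND = 'http://localhost:8080/com.webserver/rest/manage';

// Allowlist: action => [fixed backend path, [parameter name => validation pattern]].
// 'getOrder' and its 'id' parameter are hypothetical.
const ACTIONS = [
    'getOrders' => ['/order', []],
    'getOrder'  => ['/order', ['id' => '/^\d{1,10}\z/']],
];

/** Build the backend URL for a request, or return null if it is not allowed. */
function resolve_action(array $query): ?string
{
    $do = $query['do'] ?? '';
    if (!is_string($do) || !array_key_exists($do, ACTIONS)) {
        return null;                   // unknown action: refuse
    }
    [$path, $rules] = ACTIONS[$do];
    $params = [];
    foreach ($rules as $name => $pattern) {
        $value = $query[$name] ?? null;
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            return null;               // missing or malformed parameter: refuse
        }
        $params[$name] = $value;
    }
    // Only validated parameters are forwarded; http_build_query URL-encodes them.
    return BACKEND . $path . ($params ? '?' . http_build_query($params) : '');
}

// Proxy only when served over HTTP, so resolve_action() can be exercised from the CLI.
if (PHP_SAPI !== 'cli') {
    $url = resolve_action($_GET);
    if ($url === null) {
        http_response_code(400);
        exit('Unknown action or invalid parameter');
    }
    // Short timeout, and no redirects that could lead away from the fixed backend.
    $ctx  = stream_context_create(['http' => ['timeout' => 5, 'follow_location' => 0]]);
    $body = @file_get_contents($url, false, $ctx);
    if ($body === false) {
        http_response_code(502);
        exit('Backend request failed');
    }
    // Assumption: plain text, so backend content is not rendered as HTML from this origin.
    header('Content-Type: text/plain; charset=utf-8');
    echo $body;
}
```

With this in place, `getResponse.php?do=getOrders` is fetched from the fixed backend, while `getResponse.php?url=...` or an `id` that is not purely numeric gets a 400 and no outbound request is made.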