Include php with java

Asked

Viewed 38 times

0

I’m doing a token support, like an api with an access token. Only I’m not getting the feedback when it’s in another domain.

HTML

<div class="modal modal-fixed-footer show">
    <div class="modal-content">
        <h4>Aviso</h4>
        <p>Este Token é inválido.</p>
    </div>
    <div class="modal-footer">
        <a class="modal-action modal-close waves-effect btn-flat" href="//license.fullprog.com/comprar">Comprar</a>
    </div>
</div>

<script src="https://code.jquery.com/jquery-1.8.3.min.js"></script>
<script type="text/javascript">
	$(document).ready(function(){
		api();
	});
	function api(){
		$.get('http://license.fullprog.com/api/151519343520180105', function(resultadoplano){
			$('#body').html(resultadoplano);
		})
	}
</script>
<div id="body"></div>

2 answers

2


You are having this problem when making the ajax request:

Blocked cross-origin request: Same origin policy (Same Origin Policy) prevents reading the remote resource on http://license.fullprog.com/api/151519343520180105. (Reason: the CORS header 'Access-Control-Allow-Origin' is not present).

Basically, there is a lock when making an ajax request for a different domain from which the script is running. To resolve this problem you must enable access from other Ominos in your api. No Mozilla mdn has some examples of how to allow, from the simplest to the fullest.

A basic solution would be to allow access for anyone by adding a header at the top of each file that can be accessed. Something like this:

<?php
//acesso a parti de qualquer dominio
header('Access-Control-Allow-Origin: *');
//acesso a partir de um dominio especifico
//header('Access-Control-Allow-Origin: http://dominio.com');

That should solve some of your problems. For more complete control you can limit which http methods are able to access (GET, POST, PUT, DELETE, etc). In practice you should only return these access control headers when, when the browser makes a request with the method HTTP OPTIONS. So you could do this check like this (in every file, or in your front controller):

if($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
    //dominios permitidos, use * para permitir qualquer um
    header('Access-Control-Allow-Origin: http://dominio.com');
    //metodo http permitidos
    header('Access-Control-Allow-Methods: POST, GET, OPTIONS');
    header("Content-Length: 0");
    header("Content-Type: text/plain");
    exit(0);
}

1

Browser other questions tagged

You are not signed in. Login or sign up in order to post.