• Login
  • Register

DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.

cross (Cors) issue

You are not authorized to post a reply.
Sort:


New Member


Posts:2
New Member

    Light-Duty-Wreckers:1 Access to XMLHttpRequest at 'https://www.test.net/api/api/Fleet/GetFleetList?type=json' from origin 'https://www.dnndomain.net' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

    I use ajax jquery to consume external api (webapi written with mvc/c#), and have above issues. I already added the header on webconfig, and still working ...need helps

    <script type=&quot;text/javascript&quot;> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;<br />          function GetFleetListPost()
             {
                  var tr;
                  var model = {'FleetMasterType': 'Tow' };
                  $.ajax({
                   type: "POST",
                   url: "https://www.test.net/api/api/Fleet/GetFleetList?type=json",                            
                   dataType: "json",
                   contentType: "application/json;charset=utf-8",
                   data: JSON.stringify(model),
                   success: function (data) {
                       $.each(data, function (index) {
                           alert(data[index].Make + ' ' + data[index].Model);
                           return;
                           tr = tr + "

    ";
                           tr = tr + "
    "; 
                           tr = tr + ""
                           tr = tr + "2021 " + data[index].Make + " TRANSIT CONNECT...";
                           tr = tr + "

    $45,000
    xxx|xxx|xxx

    ";                        
                           tr = tr + "
    ";
                           tr = tr + "
    ";
                       });
                       //document.getElementById("data-table-tr").innerHTML = tr;
                       //$('#data-table tbody').empty();
                       $('#data-table').append(tr);
                       //return tr;
                    },
                   error: function (error) {
                    alert("Error " + error);
                    }               
                 });  
             }
        </script>



    New Member


    Posts:2
    New Member

      anyone can help? No one here?


      Veteran Member


      Posts:455
      Veteran Member

        it would be helpful to provide more context.


        New Member


        Posts:16
        New Member

          I have a similar issue but with a react app. I have enabled CORS in IIS

          Then I added it also in webconfig in the API (is built on this structure Module Development for Non-Developers, Skinners, & DNN Beginners - Blog Series Intro > DNN Corp (dnnsoftware.com))

          I added then I installed  [EnableCors(origins: "*", headers: "*", methods: "*")]  to Action level (in webservices) and in Controller level (in TaskController).

          The API respond ok with Postman to Get and Post. But to React app no luck with POST. https://example.com/DesktopModules/MyFirstModule/API/ModuleTask/MyPost I get allways
          Access to XMLHttpRequest at 'https://example.com/DesktopModules/MyFirstModule/API/ModuleTask/MyPost' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

          I have in the browser also an extension to ublock CORS.

          One question is: where to enable CORS? in IIS, in DNN (if DNN has a web api communication) or WEB API app?

          thank you!

          <script src="chrome-extension://lbnohfpkjobaompkendjljgljpmldpoa/web_accessible_resources/index.js"></script>


          New Member


          Posts:1
          New Member

            The Same Origin Policy (SOP) is a security measure standardized among browsers. It is needed to prevent Cross-Site Request Forgery (CSRF). The "Origin" mostly refers to a "Domain". Same Origin Policy prevents different origins (domains) from interacting with each other, to prevent attacks such as CSRF (Cross Site Request Forgery) through such requests, like AJAX. In other words, the browser would not allow any site to make a request to any other site. Without Same Origin Policy , any web page would be able to access the DOM of other pages.

            This SOP (Same Origin Policy) exists because it is too easy to inject a link to a javascript file that is on a different domain. This is actually a security risk ; you really only want code that comes from the site you are on to execute and not just any code that is out there.

            If you want to bypass that restriction when fetching the contents with fetch API or XMLHttpRequest in javascript, you can use a proxy server so that it sets the header Access-Control-Allow-Origin to *.

            If you need to enable CORS on the server in case of localhost, you need to have the following on request header.

            Access-Control-Allow-Origin: http://localhost:9999

             

            You are not authorized to post a reply.

            These Forums are dedicated to discussion of DNN Platform.

            For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

            1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
            2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
            3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
            4. No Flaming or Trolling.
            5. No Profanity, Racism, or Prejudice.
            6. Site Moderators have the final word on approving / removing a thread or post or comment.
            7. English language posting only, please.

            Would you like to help us?

            Awesome! Simply post in the forums using the link below and we'll get you started.

            Get Involved