Search - "cors"
NO FIREFOX AND CHROMIUM, I ALREADY SET THE FUCKING CORS HEADERS CORRECTLY ACCORDING TO THE OFFICIAL FUCKING NGINX DOCUMENTATION. WHY THE FUCK ARE YOU STILL DISALLOWING CROSS-ORIGIN REQUESTS?!
Manager: I’m getting a strange error now….it says CORS? Any idea what that means?
Dev: Ezpz, just a matter of how many goats to sacrifice and incantations to recite
Manager: Are you serio—
Dev: Bring me my debugging pentagram
Yesterday, my girlfriend caught a virus. There were 5+ running programs, in program files, program files x86, system32, basically everywhere. The virus modified chrome, firefox, edge (and even installed a false uc browser assuming we had one), there are many entries at startup programs, also running daemons, once you kill one of them, the others detect it and replicate their killed fellows. Tried to run a linux live usb disk for a cleanup, but the computer hibernates instead of shutdown, making modifications on disk risky.
I spent hours trying to suppress the processes, do a manual cleanup and antivirus search. It looked all cleaned up, then I reinstalled chrome, and now it switches its homepage everytime I open it, it also injects batch arguments to desktop link forum chrome (deleting it manually does not help, it comes back). I'm a linux guy, and in a few hours, I hated windows more than ever.
If anybody knows the authors, I *really* want to meet them. I promise I'm not going to punch them, but kneel down, bow my head in respect, and say "teach me master."
Insomnia: yeah, nice cors header
Postman: neat cors header mate
Fetch in browser: where the FUCK is the cors header you retard
The most helpful error message of all time:
Unhandled exception in line 0: Script error.
Literally translates to: “Something went wrong but I’m not gonna tell you what.”
I fucking hate CORS. I mean yeah I get that it's for security and all but fucking COCKSUCKER is it ever fucking getting annoying dealing with this shit…
*Creates a rest api that runs on localhost:8080*
*Creates React front end that runs on localhost:3000*
*Sends a GET request to api*
*Cross-Origin Request Blocked: The Same Origin Policy...*
That's my fucking dev environment and it's my local fucking host! Let me just send a fucking request to my own fucking machine you piece of shit! Why the fuck didn't they add an exclusion for fucking localhost?!?
i rant that i live in a dictatorship with an idiot president who bans whatsapp and facebook to prevent protests (in reaction to having arrested opposition party members of parliament), and github (yes, github) to prevent the spread of a minister's leaked e-mails. now the government is seriously considering shutting down vpn services to prevent by-passing the bans.
on the other hand, it's a nice time and place to continue ms studies on ad-hoc networks - that is of course if i can avoid being arrested or killed before i even start my thesis.
that feeling when your new toys from aliexpress get delivered earlier than expected... i feel so happy unpacking those sensors, capacitors, heat sinks, microchips, breadboards and all. i feel like i have a geeky shopping addiction, i probably won't have the time to play with them from all the work and other personal projects, but still i hoarded enough electronics to invade the world with a drone army in case i have a few weeks me-time.
Seriously, y'all shitting on CORS but why? literally, why? it protects you. If you need an external api, could you please be fucking bothered to setup redirects, so it's /api and not fucking https://amazon23984723984723984.aws239847329847230948.spyware/...? duh
people who allow cors from "*" are the same people who always do everything with superuser rights. you're the reason why I always got offers
'yes' in linux shell has become my favourite command when i discovered it. it has a careless touch to it, like "yeah whatever just do the thing".
also, i like glutMainLoop. a saw doll inside my head says "let the game begin!" each time i type this function.
So I just spent the last few hours trying to get an intro of given Wikipedia articles into my Telegram bot. It turns out that Wikipedia does have an API! But unfortunately it's born as a retard.
First I looked at https://www.mediawiki.org/wiki/API and almost thought that that was a Wikipedia article about API's. I almost skipped right over it on the search results (and it turns out that I should've). Upon opening and reading that, I found a shitload of endpoints that frankly I didn't give a shit about. Come on Wikipedia, just give me the fucking data to read out.
Ctrl-F in that page and I find a tiny little link to https://mediawiki.org/wiki/... which is basically what I needed. There's an example that.. gets the data in XML form. Because JSON is clearly too much to ask for. Are you fucking braindead Wikipedia? If my application was able to parse XML/HTML/whatevers, that would be called a browser. With all due respect but I'm not gonna embed a fucking web browser in a bot. I'll leave that to the Electron "devs" that prefer raping my RAM instead.
OK so after that I found on third-party documentation (always a good sign when that's more useful, isn't it) that it does support JSON. Retardpedia just doesn't use it by default. In fact in the example query that was a parameter that wasn't even in there. Not including something crucial like that surely is a good way to let people know the feature is there. Massive kudos to you Wikipedia.. but not really. But a parameter that was in there - for fucking CORS - that was in there by default and broke the whole goddamn thing unless I REMOVED it. Yeah because CORS is so useful in a goddamn fucking API.
So I finally get to a functioning JSON response, now all that's left is parsing it. Again, I only care about the content on the page. So I curl the endpoint and trim off the bits I don't need with jq... I was left with this monstrosity.
curl "https://en.wikipedia.org/w/api.php/...=*" | jq -r '.query.pages.revisions.slots.main.content'
Just how far can you nest your JSON Wikipedia? Are you trying to find the limits of jq or something here?!
And THEN.. as an icing on the cake, the result doesn't quite look like JSON, nor does it really look like XML, but it has elements of both. I had no idea what to make of this, especially before I had a chance to look at the exact structured output of that command above (if you just pipe into jq without arguments it's much less readable).
Then a friend of mine mentioned Wikitext. Turns out that Wikipedia's API is not only retarded, even the goddamn output is. What the fuck is Wikitext even? It's the Apple of wikis apparently. Only Wikipedia uses it.
And apparently I'm not the only one who found Wikipedia's API.. irritating to say the least. See e.g. https://utcc.utoronto.ca/~cks/...
Needless to say, my bot will not be getting Wikipedia integration at this point. I've seen enough. How about you make your API not retarded first Wikipedia? And hopefully this rant saves someone else the time required to wade through this clusterfuck.
maybe it's time feature is added for devrant simple community dev projects. there could be games, parody websites, you name it. projects could be hosted on github, and indexed at a "projects" tab here on devrant, so we can choose something and start rolling with our pals from devrant when we get bored at work :) @dfox (inspired by rant from @Notebookdeviant)
didn't anyone go for the "#define true false" joke? i didn't actually see it in action, but it would be a pretty harsh one.
I'm learning nginx and it's simplifying the way I think about web projects.
I used to think that when I used a server side framework, then that should be the master and all should go through it. Noob me.
I used to put client side projects (like create-react-app or vue-cli projects) right inside the server side project.
But with nginx you can just route subpaths to different places, then instead of having, let's say, the react project inside rails, they would be in separate git projects.
In fact, I no longer need to restrict myself to a single server framework.
I love several aspects of rails. I love several others of node. And if I need multithreaded performance, I'd very much use something like phoenix or go.
Again, with nginx, you set up subpaths with the `location` directive in the same server and voila, a no CORS setup, cookies shared and homogenous versatile website.
I actually never felt the need to scream at a co-worker so let's talk about that time a co-worker screamed at me instead.
tl;dr : some asshole boss screamed and threatened me because someone else's project was shit and didn't work.
Context: I was in my third year of school internship (graded) and my experience is C, C++, C#, Python all in systems programming, no web.
I was working as an intern for a shit company that was selling a shit software to hospitals (though not medically critical, thank God) the only tech guy on site was the DBA (cool guy) the product was maintained by a single dev in VB from his house, the dude never showed up to work (you'll understand why) and an other intern who couldn't dev shit.
I was working with the DBA on an software making statistical analysis from DB exports, worked nice, no problems here if we forget the lack of specs or boundaries (except must work in ieShit).
The other intern was working on something else (don't ask me what it is) I just remember it was in GWT before the community revived it. His webapp was requesting the company http server for a file instead of having one of its java servlets fetch it (both apps ran on the same server) which caused a lot of shit especially CORS errors. That guy left (end of contract) and left his shit as is, boss asked me to deploy the app, I fiddle with it to see if it works and when I find out it doesn't then that asshole starts screaming at me in front of every other employee present, starts threatening to burn me in the tech world and have me thrown out of my school for no goddamn reason other than the other dude's project doesn't work.
After the screaming I leave and warn my school immediately.
I guess that's why the other dev never came to work.
I had three weeks of internship left, that I did from home and worked probably less than 2 hours a day so suck it asshole.
Still had a good grade because I was reviewed by the DBA and he was happy with the work I did.
It was only later that I realized that what he did was categorized as harassment (at least in France) and decided that never again would this happen without a response from my lawyer.
Dev nightmares :
- Not finding bug fix on stackoverflow/GitHub .
- Losing code that hasn't been pushed to GitHub.
- Dealing with an unclean and inconsistent database.
- Installing Node Dependencies.
- Resolving CORS and 500s.
- Training a Linear Regression Model with 700 epochs on an entry-level Laptop.
Keep appending to this list.
My nightmares are made of CORS errors.
Fuck inconsistent CORS implementations across browsers.
Everyone who is about to say "Once you understand CORS it's not a problem anymore".
FUCK YOU TOO!!!!!!!
Backend API developer that doesn't admit his mistakes. Damn, he's annoying the whole team.
Basically crashed the whole app by messing up the settings for the CORS policy, and still doesn't admit it. When he fixed it, the only reply we get was "I erased the thing and put it back and it works".
I don't know what you did yesterday, but i did make my company throw away 2 months of progress.
It all started in the beginning, since that i've made numerous complaints about the workflow or code and how to improve it. I've been told off every time, and every time i either told the boss who agreed in the end or wrote code to prove myself. Everything was a hassle and my tasks weren't better.
Team lead: you'll do X now, please do that by making Y.
Me: but Y is insecure, we should do Z.
Team lead: please do Y
Later it turns out Y is impossible and we do Z in the end...
Team lead: please do W now
Me, a few days later: i've tried and their server doesn't give http cors headers, doing W in the browser is impossible
Team lead, a few days later: have you made progress on W?
Me: * tells again it's impossible and uploads code to prove it *
Team lead: * no response *
After that i had enough. Technically i still was assigned to do W, but i used my time to look over the application and list all the things wrong with it. We had everything, giant commits, commented out code, unnecessary packages, a new commit introduced packages that crashed npm install on non-macs, angularjs-packages even though we use angular, weird logic, a security bug, all css in one file even though you can use component-specific css files...
I sent that to my boss, telling him to let the backend-guys have a look at it too and we had a meeting about this. I couldn't attend but they agreed with me completely. They decided to throw away what we have already and to let one of the backend-guys supervise our team. I guess there will be another talk with the team lead, but time will tell.
It feels so good having hope to finally escape this hellish development cycle of badly defined task, bad communication and headache-inducing merges.
The web is just a fucked up place. Anytime i have an idea and wanna slap together an mvp, i always feel like web standards are just made by people who have no professional training and once every year come up with some bullshit so they dont get fired.
Figure 1: cors
You would think that setting "access-control-allow-origin" to * would let, well, * through, like in every other field of programming, but no, make sure all 97 other headers match or you will just get a cors error. The server expects application/json and you didn't specify that? Fuck you, have a cors error. Both express and flask have specific packages addressing this one problem so i guess im not the only one.
Figure 2: frameworks
Remember reactive programming? Remember rxjs? No you dont because all frameworks reimplement rx with shadow dom fuckery. Did you know you can have your fucking templates with 5 lines of rxjs code? Amazing huh?
Figure 3: php
It still exists for some reason.
Holy shit firefox, 3 retarded problems in the last 24h and I haven't fixed any of them.
My project: an infinite scrolling website that loads data from an external API (CORS hehe). All Chromium browsers of course work perfectly fine. But firefox wants to be special...
(tested on 2 different devices)
(Terminology: CORS: a request to a resource that isn't on the current websites domain, like any external API)
For the infinite scrolling to work new html elements have to be silently appended to the end of the page and removed from the beginning. Which works great in all browsers. BUT IF YOU HAPPEN TO BE SCROLLING DURING THE APPENDING & REMOVING FIREFOX TELEPORTS YOU RANDOMLY TO THE END OR START OF PAGE!
Guess I'll just debug it and see what's happening step by step. Oh how wrong I was. First, the problem can't be reproduced when debugging FUCK! But I notice something else very disturbing...
The Inspector view (hierarchical display of all html elements on the page) ISN'T SHOWING THE TRUE STATE OF THE DOM! ELEMENTS THAT HAVE JUST BEEN ADDED AREN'T SHOWING UP AND ELEMENT THAT WERE JUST REMOVED ARE STILL VISIBLE! WTF????? You have to do some black magic fuckery just to get firefox to update the list of DOM elements. HOW AM I SUPPOSED TO DEBUG MY WEBSITE ON FIREFOX IF IT'S SHOWING ME PLAIN WRONG DATA???!!!!
During all of this I just randomly decided to open my website in private (incognito) mode in firefox. Huh what's that? Why isn't anything loading and errors are thrown left and right? Let's just look at the console. AND IT'S A FUCKING CORS ERROR! FUCK ME! Also a small warning says some URLs have been "blocked because content blocking is enabled." Content Blocking? What is that? Well it appears to be a super special super privacy mode by firefox (turned on automatically in private mode), THAT BLOCKS ALL CORS REQUESTS, THAT MAY OR MAY NOT DO SOME TRACKING. AN API THAT IS 100% CORS COMPLIANT CAN'T BE USED IN FIREFOX'S PRIVATE MODE! HOW IS THE END USER SUPPOSED TO KNOW THAT??? AND OF COURSE THE THROWN EXCEPTION JUST SAYS "NETWORK ERROR". HOW AM I SUPPOSED TO TELL THE USER THAT FIREFOX HAS A FEATURE THAT BREAKS THE VERY BASIS OF MY WEBSITE???
WHY CAN'T YOU JUST BE NORMAL FIREFOX??????????????????
I actually managed to come up with fix for 1. that works like < 50% of the time -_-
"Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://19-" SHUUUUUUUT UUUUUUUUUUUUP FOR FUCKS SAKE
I fucking have app.UseCors(x => x.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader()); in my startup. It's not supposed to tell me the CORS request did not succeed because THERE'S NOT SUPPOSED TO BE CORS WHEN I DO THAT.
If I had a penny every time I explained CORS of browsers to tenured J2EE, who just knows ie as a browser, I would be millionaire by now.
Now I can easily scrap motivational quotes, Hell Yeah.
* btw I am building random quotes generator but want to generate quotes with web-scraping *
I spent hours trying to enable CORS on AWS Lambda through API gateway (it was supposed to be simple and Amazon had a nice tutorial) but it turns out that there's a known bug that makes Lambda Proxy Integrations not adhere to any setting in the API Gateway, you have to respond with the headers through the Lambda yourself.
Amazon now mentions this in the tutorial, but if you click "Enable CORS" in API Gateway, it'll show you green check marks and tell you that everything went fine, but you'll find that the Lambda does not respond with the CORS headers. They shouldn't even have "Enable CORS" as an option when you use their Lambda Proxy Integration.
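What "respond with the headers through the Lambda yourself" looks like, as an added example that is not part of the original post or of AWS's tutorial: a Node.js handler for a REST API proxy-integration event that answers the preflight and echoes the origin only when it is on an allow-list. The allow-list entries, the `buildResponse` helper and the response body are assumptions made for illustration.

```javascript
// Added example: CORS headers returned by the Lambda itself, since with
// proxy integration the function's response is passed through as-is.
// ALLOWED_ORIGINS is a constructed allow-list; replace with your own origins.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "http://localhost:3000",
]);

// Header names can arrive in any case, so look them up case-insensitively.
function getHeader(headers, name) {
  if (!headers) return undefined;
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) return value;
  }
  return undefined;
}

// Build the CORS response headers for one request origin.
function corsHeaders(origin) {
  // Vary: Origin keeps shared caches from replaying one origin's answer to another.
  const headers = { Vary: "Origin" };
  if (origin && ALLOWED_ORIGINS.has(origin)) {
    // Echo the specific origin instead of "*": a wildcard cannot be combined
    // with credentials and opens the API to every site.
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Methods"] = "GET,POST,OPTIONS";
    headers["Access-Control-Allow-Headers"] = "Content-Type,Authorization";
    headers["Access-Control-Max-Age"] = "600";
  }
  return headers;
}

// Synchronous core so it can be exercised without the Lambda runtime.
function buildResponse(event) {
  const origin = getHeader(event.headers, "origin");
  const cors = corsHeaders(origin);

  if (event.httpMethod === "OPTIONS") {
    // Preflight: headers only. For an origin that is not on the list there is
    // no Access-Control-Allow-Origin, so the browser refuses the real request.
    return { statusCode: 204, headers: cors, body: "" };
  }

  // The actual response must carry the CORS headers too, not just the preflight.
  return {
    statusCode: 200,
    headers: { ...cors, "Content-Type": "application/json" },
    body: JSON.stringify({ ok: true }),
  };
}

// Lambda entry point.
async function handler(event) {
  return buildResponse(event);
}

if (typeof module !== "undefined") {
  module.exports = { handler, buildResponse };
}
```

Tools such as Postman or curl ignore these headers entirely, so check the result from a page served on one of the allowed origins.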
Three hours into trying to make it fucking work... YES BROWSER I ALLOWED ALL ORIGINS WHY DONT YOU WORK 😭😭
Today I made this:
a crypto price alert page that plays. you suffer - napalm death
like the gilfoyle one.
with the intention to add PPC (PiedPiperCoin) to the list of currencies.
but CORS & the missing https for piedpiper.com stopped me. :-(
This is an anti-rant...
I had a problematic arch-dwm setup which i've been struggling with for a looong time, and when i thought i still needed quite some time to solve all issues, yesterday i somehow managed to hit the right solutions for each problem in a single evening. My setup is now in its most stable and usable state ever, and rsynced to a flash drive. I am no longer forced to use windows for my daily needs.
Praise be to holy gnu and holy tux! Do you think maybe i should sacrifice some electronics for the souls of st. ritchie, st. thompson, st. stallman and st. torvalds?
How come something works absolutely perfectly in dev but not in prod?
I was making a desktop app in electron js and everything is working perfectly. No problem at all. But then I create the installer/distributable and nothing shows on the screen. And out of curiosity, I wanted to see the error log and it shows an unknown error, I didn't even know from what thing the error is being generated. And after I fixed that, another problem came with Asana Api. I mean, if it's a public API, why do you have to block it with cors? I hate cors!
And after all of it, there's more to it. I mean, why can't you just show the errors in dev?
i found this beauty on diaspora (in tribute to the comic artist frank franzetta)
p.s.: i asked the artist if i can use it here, but got no replies. i hope it won't be a problem for him/her.
Just found out the reason for these extremely useless "Script error." errors we're getting being so useless is, once again, CORS. 😡
"Hey, something went wrong in an iframe. I'm not allowed to tell you what went wrong, or where, but trust me some shit is broken *somewhere*. But you have to figure it out yourself."
If cross-origin blocking were a person I'd kick him in the nuts just for being such a fucking dick all the time.
today I thought writing a quick project, a youtube proxy server, as in, you browse localhost:<PORT> and youtube comes in the response.
this is not rocket science as proxy servers have been around for a long time.
I thought it'd be interesting to code it in userland, as opposed to "systemland".
And 50 lines of code and some minor hurdles later I see youtube "running" in localhost.
Although youtube didn't just work as usual since the videos don't actually come from youtube.com, but from googlevideo.com instead. And my browser, expectably, enforces CORS and forbids any requests to it.
At that point I started to think of ways to somehow proxy googlevideo.com too. But the solutions are not at all trivial.
Then I thought what was the payoff of all this. I tried to proxy serve youtube out of curiosity, and sure thing, you can do it.
But what problem would proxying youtube solve? Maybe I should think in a fuller way what are the problems I have with youtube.
One issue I have is the exposure, discoverability. To explain it, let's say I have been watching a very, very big amount of videos as of today.
Personally I would expect youtube to understand very well by now what my tastes are, what do I want to watch and what I do NOT want to watch.
Notice that I am very black and white, and I do not have much interest in watching certain types of videos.
It could be true that if my expectations of how youtube should work became reality then youtube recommendations would become polarizing or echo chambering.
But that is my decision though, and the problem with youtube is that it's seemingly forcing a single recommendations algorithm onto everyone.
Some people are more open minded and want to watch EVERYTHING, and a lot of people don't.
But users aren't deciding what they should get recommended. Youtube is making that decision for them. And it sure feels like it's trying to maximize ad revenue.
I for one don't give two flying fucks about pranks or diva youtubers. Yet youtube is adamant in presenting some of these to me.
Now, trying to come up with a solution for this is really non trivial. It would definitely require some youtube mining, or some kind of network so as to not get rate limited when mining, and even then you still have to think of how a good recommendation system would work.
I think the implementation of all that would be too much for me (time and skill wise). But I think it's fun to at least try to outline how recommendations could work.
I would very much prefer that when youtube recommended something, at least it has some number of confidence meaning how much would I like that video, so at least I know what to expect.
It should also have some indicators like what is the mood of the video. As in, sometimes I watch youtube in the mood of learning, like programming videos, but most of the time I watch to get entertained.
These ideas are just brainstorms and could be terrible on reproduction, but I'd like to hear what ideas some of the people here can come up with.
All day I've battled with CORS just to find that an options argument for an internal proxy image we're using was removed cause "he didn't think it was being used".
My whole sprint's in the shitter over this
Found an issue on Medium.com as I was not able to comment on some stories.. after some followups I found that it is because of CORS... they stopped responding after I responded with the reason. :(
"rose" of alphonse mucha is my favourite desktop item for the time. she watches over me as i code at home.
Couldn't figure out for the life of me why axios wouldn't ping to the server. Turns out the CORS policy didn't like this. Two fucking hours, man.
Created a docker stack that can run on a swarm, tried out an actor system framework with a really nice message passing interface, used a web server framework built on that actor framework, used a really cool ORM that relies heavily on code generation, did some experimenting with Alpine Linux, and re-learned for the 100th time how to deal with CORS
Is anyone else having troubles loading github ?
I opened the console and saw their css was being blocked by CORS :D
Develop all my lambda function, create endpoint for what i need, set up CORS to * time of development... And chrome fuck me with CORS preflight ERROR. What the actual fuck with this shit security easily bypassable...
Me: its enough for today. Change project folder 😐
in the workplace, i have no access to internet, am not admin to my own computer and am not allowed to install anything (due to security reasons). i also happen to have quite some spare time so i'm writing nokia's good old snake game in visual studio and opengl so i can amuse myself both coding and playing. in a way, company pushes creativity and productivity even for slacking.
IIS curse you and your nuances!
I launch my local web application (which was working fine) and now get CORS errors and 404 not found. Wtf. I clean the solution rebuild, same thing. Then I restart my PC and try again. Same thing.
Then I use Firefox instead of chrome and it magically works. Wtf!
It's hard to fix broken things when they fix themselves after trial and error
Fetch API gives CORS error..
Then I use JQuery AJAX request and it works fine...? 😑
Can you even handle CORS requests with Fetch?
Spent about 40 minutes trying to figure out why my stupid events were not tracked, something about CORS
so digged into the htaccess file and added the correct headers but the header value was being appended although i was setting it.
So I figured the "tool" i am using is setting it too but only when I set it, that was weird.
So on to to its github I went, someone mentioned there is a CORS setting in the UI, so I added the domain i wanted to allow and done, it fucking works.
Read the documentation kids, sometimes it is useful.
The jolly of unriddling multiple DNS zone overrides to a static, single IP of a HAProxy loadbalancer which acts as a router and has domain based backend association rules, but frontend based CORS overrides.
My eyes are bleeding, my brain is defeated and I think I need more gaffa type to put together the pieces of what some puny humans call a soul.
Spent debugging for weeks, then found that error was I didn't add my header name in Access-Control-Request-Header option........COOOOOOOOOOOORS!!!!!
After waiting a while for another programmer on another team to provide a web service that I needed to call from a client side web form, I received word that it was ready. I could not get it to work because CORS headings were not being set correctly. After contacting them and letting them know, I got an email update to the team letting everyone know that they were waiting on me. After explaining that CORS headings were not there, I just built a PHP page to proxy the request, results and set the headers correctly so I can move on. I will remove it when they get their side fixed... if they ever do.
I have implemented RESTful API using expressJS, and another React app which will use the API's to fetch data.
I'm getting a problem of Allow-Origin Header.
what's the proper way of calling a API ?
do I use a CORS middleware and allow all origin ('*') and use Api-key as way of check authorization to prevent mis-use. ?
any other tricks ?
Motherfucking piece of shit....
Dont know to whom I should direct this to .
Was creating a new login page for web app using Quasar(vue.js). Since my application have 2 different types of user, which also have different UI, and functionality.
One is written in vanilla ( and is quite heavy) and the other one in vuejs ( though earlier it was written in vanilla too ). Login page too was written in vanilla which was working fine.
Now just yesterday I finished a prototype for the third type of user, which is also written in vuejs. Now I decided to re create login page using vuejs. Quite small and easy to do. Finished it yesterday itself. Now since today's morning I am trying to configure it so that this piece of shit just lets me log in. It was authenticating and verifying but not letting me log in.
( On server after authentication, I set cookies/token on clients browser and auto reload the page, so during next request to server/ or during reload, server will read the cookie/token and send the specific admin panel to user)
It was setting cookie, but not at the '/' path. Mother fucker.
It was setting cookie to the path I was sending login credentials ( which was different from '/', I.e.- /login/verify=password )
So it was setting cookie/token at '/login/verify=password'.
Even tried setting path for cookie at server. Read everything on internet. MF nothing worked. All I came across was, 'this is CORS' .... 'this is CORS'. Assholes, if it were CORS', how then I am able to make request to server and getting response without error
Only a hour ago, when I made get request to '/login/verify=password' I figured out, cookie is being sent to server for this path only. Then did some changes at server, so to send login credentials to '/'. Now that shit is working
Fucking waste of time. Wasted more than 6 hours. Asshole.
Btw, if you can suggest a better way to login, then please.
What the fuck is CORS, I can type the URL into my browser and download the file, but running a HTTP request from within a page is denied? Wtf kind of dumb no logic behaviour is this
* le me develops endpoint using serverless on AWS Lambda, forgets to enable cors *
Le front end dev: Your endpoint doesn't work. Gives me cors error.
Me: but that works on POSTMAN
le front end dev: We are not shipping it with postman.
Today I had a CORS error in production, noticed 1 hour in that I accidentally wrote "localhost:5000//API/*"
1 hour, for an extra slash.
I seriously don't understand CORS .. fml I tried to access the web API I found online. but angular keeps giving me CORS error.. I don't know how to solve it anymore...
this is a repost organization post. each time you are going to post a classical joke, please find it from items below, and write as comment, the number of the repost. and people will give you ++'s to your comments as if you actually reposted the post. also, feel free to make additions to the list. syntax is:
"(n): [repost context]" for a new item (please do not mess with the order)
"-- [n]: [personal comment]" for simulating the repost.
here we go:
(0): the comic strip about rescuing princesses in different languages.
(1): in case of fire git commit, git push, leave the building.
(2): wanna hear a udp joke? i don't care if you get it.
(3): that joke about java devs wearing glasses because they can't c#.
An example repost:
-- 0: omg princess lol :)))
I never understood why there are screenshots of commits being like test, test2, does it work now? or WORK YOU SHIT..
..until i tried to gitignore stuff a bit more specific while gitkeeping folders and deploying shit relying on CORS.😂
yahoo is now alleged to give away bulk mail content to intel agencies. such a dead investment, who uses yahoo for sensitive communications anyway?
Just spent a week creating a distributed api architecture which I found out won't work due to a singular issue which can't be solved - not unless I hack stuff to a degree where I might as well write my own frameworks.
I've been aiming the user application's requests towards my wsgi, which based on a custom header will proxy it towards the correct api. Each customer base has their own api and dataset, but they all visit the same address.
I've handled CORS manually, just picking up when there's an options request, asserting the origin, then returning the correct headers. Cool everyone's happy. Turns out, socket.io includes session id and handshake info as part of their options preflight, which I can't pair with my api header (or cookie, for that matter) which means my wsgi doesn't know where to send it. You get a 400! You get a 400! You get a 401! </oprah>
So my option is to either roll my own sockets engine or just assign each api to a subdomain or give it some url prefix or something. Subdomains are probably pretty clean and tidy, but that doesn't change having to rewrite a bunch of stuff and the hours I spent staring at empty headers in options preflights.
At least this discussion saved me some time in trying to make it work. One of my bad habits is getting in those grooves of "but surely... what the hell, surely there's a way. There has to be"
my 4th gen. amazon kindle has been one of my favorite work buddies so far. i spend most of my midday breaks with it, kept me pretty good company so far.
The CORS implementation has made the web overall less secure. It insists on the 99% pain in the ass solution rather than the 98% easy to use solution. So what happens? People work *around* it a lot, and that degrades web security overall.
Had *.mydomain been available as a header value, it would have been fine. Update your CORS headers? Good luck when your users' browsers have cached copies of the old headers. Instant CORS violations.
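The manual preflight handling described in the WSGI rant above and the `*.mydomain` wish in this one can be combined on the server: check the `Origin` against a subdomain allowlist and echo it back. This is an added example, not code from any of the posts; the domain `mydomain.example`, the `X-Api` header and all function names are assumptions.

```python
from urllib.parse import urlsplit

# Assumptions: placeholder domain, HTTPS-only policy, hypothetical X-Api header.
ALLOWED_SUFFIX = "mydomain.example"
ALLOWED_METHODS = "GET, POST, OPTIONS"
ALLOWED_HEADERS = "Content-Type, X-Api"

def origin_allowed(origin):
    """True for https://mydomain.example and https://<sub>.mydomain.example only."""
    try:
        parts = urlsplit(origin or "")
    except ValueError:
        return False
    if parts.scheme != "https" or parts.path or "@" in parts.netloc:
        return False
    host = parts.hostname or ""
    # Match on a label boundary so "evilmydomain.example" is rejected.
    return host == ALLOWED_SUFFIX or host.endswith("." + ALLOWED_SUFFIX)

def app(environ, start_response):
    origin = environ.get("HTTP_ORIGIN")
    allowed = origin_allowed(origin)
    # Vary: Origin stops caches from serving one origin's answer to another.
    headers = [("Vary", "Origin")]
    if allowed:
        headers.append(("Access-Control-Allow-Origin", origin))
    preflight = (environ["REQUEST_METHOD"] == "OPTIONS"
                 and "HTTP_ACCESS_CONTROL_REQUEST_METHOD" in environ)
    if preflight and not allowed:
        start_response("403 Forbidden", headers)
        return [b""]
    if preflight:
        # A short max-age bounds how long browsers reuse this preflight answer.
        headers += [("Access-Control-Allow-Methods", ALLOWED_METHODS),
                    ("Access-Control-Allow-Headers", ALLOWED_HEADERS),
                    ("Access-Control-Max-Age", "600")]
        start_response("204 No Content", headers)
        return [b""]
    start_response("200 OK", headers + [("Content-Type", "text/plain")])
    return [b"ok"]

def call(method, origin=None, preflight=False):
    """Run app() against a constructed WSGI environ; returns (status, headers)."""
    environ = {"REQUEST_METHOD": method, "HTTP_ORIGIN": origin}
    if preflight:
        environ["HTTP_ACCESS_CONTROL_REQUEST_METHOD"] = "POST"
    seen = {}
    app(environ, lambda status, hdrs: seen.update(status=status, headers=dict(hdrs)))
    return seen["status"], seen["headers"]
```
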
does anybody here use diaspora*? for those who don't, it's a free (as in freedom) social network and protocol thereof, and it employs a decentralized, distributed approach. you can choose a "pod" to store your data, and search for people and content inter-podly. as a decentralization/distribution/foss enthusiast, i love the project and check regularly, but sometimes i get the feeling that i'm all by myself there, as i have no friends yet and all the content i see is just my followed keywords. (so befriend me, maybe? :D)
We need to create a simple form for collecting a few particular people's data for some bounty programme.
Anyway, they come to me, and say that creating this google doc will take them few minutes and it seems that editing few divs in the site and creating second one with another subdomain will do the trick.
I tell them that it will take a lot of time to reverse engineer that compiled react.js website to change a few divs. But they insist.
So we start out, I pop up the terminal, copy over site, add nginx config for it, apply SSL to it, we are already good 5-10 minutes in, first roadblock - CORS. At this point I tell them that with google form they would be already done.
What I hear?
Oh... it makes it easy now.
My internal voice:
next time try to use brain....
Hello, I’m considering building a web framework.
My ideal features would be:
Customizable authentication system(considering using a jwt lib)
Embedded DB(bolt db)
ORM( writing my own)
REST api to DB (via code generator)
Code generator(generation of models and views via cli)
GUI to db(some admin dashboard)
CORS(web service right?)
Ease of development
Fast prototyping of small-medium web services.
My question is, do I have too many things on my platter? Should I narrow it down into a less featured framework? What feature should I focus on? How should I benchmark it? Should I write tests for absolutely everything or just for exported methods? What should I take into consideration when developing ORM API, Auth API...
The language is Go
Thank you for your input
rust anyone? i am a c++ person, and it caught my attention as having an oopish-but-actually-functional new programming paradigm whatever... also (don't know if it's just mozilla's successful marketing) i had the impression that people see it as the new whiz kid in town. do you recommend indulging in it for the sake of trying something new?
Damn CORS! Spent 4hrs googling! Alas! I can move forward. Because of that I can say I understand what cors is for.
unigine sim engine has the worst documentation i've ever seen. it was written in bad english, occasionally did not follow a word convention (i.e. functions doing analogous work used different keywords), most items were just reiterations of function names (made up example for clarification: getAngularVelocity(): gets angular velocity...). i had to use it for my first ever job, and had to learn it from scratch, mostly by trial and error. it's been months since i switched jobs, and they were rolling a version 2 when i left, i hope they improved on their docs.
I don't care about CORS, I really don't. Could it possibly be any more inconvenient and time consuming? I really don't think it could.
It's made on the assumption that everything you are doing has the same security needs as a secret military project, splendid.
Strapi graphql backend and netlify frontend with redirects (to avoid cors issues), typescript, apollo, gatsby, zero-runtime css in js and automatic graphql types generation. I managed to get that to work.
Marketing bs makes that look easy.
Sometimes my genius can generate gravity.
If you want the ridiculous behavior “required” by POSIX, you must set the environment variable ‘POSIXLY_CORRECT’ (which was originally going to be named ‘POSIX_ME_HARDER’).
You just read a line from GNU's official coding standard document :D
i got a dev!rant nostress ball, because i didn't have any serious rants and used the app for fun purposes.
edit: do you think maybe it can also help in debugging, although it's nothing close to being a duck.
i want to find the person who proposed to force mtp in android for file transfers, and bash them in the head with a plush android toy till they're knocked unconscious.
all i want is to make a file transfer between my phone and my computer, and rather than plugging my phone's usb, i find it easier to set up an ftp server over local network. and when that doesn't work, i might as well hexdump the file, and copy it char-by-char manually, than use mtp.
on a 5 day rock festival vacation... a band with songs i barely know is on and i'm a bit high... there's a cool set of animations playing at the stage background and i spent the whole concert trying to figure how i could write each animation in opengl. i'll give them a shot back home, if i don't forget.
i just learnt how much clearcase sucks the hard way. i always used git for personal projects and am used to finding a simple solution to any problem at most one stackoverflow away, i just messed up my local repo, and experienced people could not manage to undo it. i mean come on, this is a f**king versioning software, how hard can it be to delete everything local and re-pull from remote without messing up configuration files? either clearcase has some serious design shortcomings for my understanding of a versioning software, or it is so overly complicated that nobody actually knows how to revert this mistake.
In whatever framework I'm using I get frustrated with the default css so I just !important everything
Except COVID-19, Airport security is also scanning preflight requests and incoming traffic for CORS with its dated test kit (found this unused gem in an old PHP codebase):
This CORS is a huge bummer. It took me nearly 4 hours of pounding my head on keyboard trying to figure out why my "$http.post" doesn't work.
trying to make a live usb disk. i took shots at random combinations from 2 usb sticks, 2 oses, different tools or techniques on each os... each failed with a different outcome. then i realized i should have kept a failure matrix so that i don't try the same combinations, or can trace the roots of the problem.
each time i need to build a live disk, a part of me dies inside.
anybody else has a "polish notation fetish"? i never actually learned lisp, but since i first saw its style, i find writing functions like "+ 1 2" instead of "1 + 2" both aesthetically and functionally more appealing. i think the infix notation is just being kept because of well-established habits.
Every couple of hours a certain request from our web app gets a CORS error from our server. Refresh the page and everything works perfectly. WTF...
Y is cors such a big issue 🤨 can't browsers just add a simple setting to enable or disable cors ? At least for local host, what's the rationale to have cors enabled 🙄
I've been trying to understand why my browser does not set the cookies I'm getting from my login api for the last 4 hours and I'm losing my mind, pls help. My frontend is a create-react-app on localhost:8888 and my api is a django rest framework on localhost:8000. I'm using fetch() for all the communication to the api
Can somebody give working example how to solve
Access to XMLHttpRequest at 'localhost:8000/index.php/api/companies/1/logo' from origin 'http://localhost:8080' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, chrome-untrusted, https.
this error is talked so much but no working solution I can find. Maybe it is somewhere but cannot find so far in the internet trash.
Not by installing chrome plugin, because other people would also need to install it. That's not a solution.
I wrote a NoCors Heroku App to pull out all the CORS headers from a 3rd Party API to use in one of the production sites. Still no one knows about it.
i've been using debian with xfce for 2 years, and i'm now planning to migrate to arch with xmonad for some freshness. i'm reluctantly peeking out of my comfort zone and sniffing like a cat, any tips appreciated.
For work i'll have to use an API whose server doesn't support OPTIONS-requests. All would be ok if the request wouldn't be made FROM A FUCKING BROWSER.
How old is CORS? Have you been living under a rock since then? (Well, maybe. Because they're using IIS7)
I have just allowed '*' on the rack-cors host configuration. Yiiiiihhhhaaaaa.. no cors problems on Rails again.
But hackers will go fuck my api.