Modify headers on zope

ccbernardo · April 21, 2016, 10:47am

Hi there,

I need to modify headers to prevent this kind of error but I cann't found where I can do that, anyone?

XMLHttpRequest cannot load http://sotinco.pt/profissional/pontos-de-venda/portugal/distritos.json. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://demo.paloalto.pt' is therefore not allowed access.
getPontosDeVenda.php:1 XMLHttpRequest cannot load http://sotinco.pt/profissional/pontos-de-venda/portugal/pontos.geojson. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://demo.paloalto.pt' is therefore not allowed access.

zopyx · April 21, 2016, 11:02am

Usually you want to set such headers inside the reverse proxy, e.g. in Apache using the mod_headers module:

http://httpd.apache.org/docs/current/mod/mod_headers.html

If the related code is under your control you can explicitely set headers inside a browser view using

self.request.response.setHeader(header_name, header_value)

-aj

ccbernardo · April 21, 2016, 11:23am

Thanks for your reply,

the problem is when I open the page on the iframe there is no problem because the page is access-control-allow-origin:*, the problem are with the json files

http://sotinco.pt/profissional/pontos-de-venda/portugal/pontos.geojson
http://sotinco.pt/profissional/pontos-de-venda/portugal/distritos.json1

I think I should modify the headers for this files but I don't know where

I've a php to open this on the iframe:

<?php // 1. initialize $ch = curl_init(); // 2. The URL containing the iframe header('Access-Control-Allow-Origin: *'); $url = "http://sotinco.pt/profissional/pontos-de-venda/portugal"; //$url = "http://sotinco.pt/profissional/catalogos/listar_catalogos"; // 3. set the options, including the url curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, 2); curl_setopt($ch, CURLOPT_MAXREDIRS, 10); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); // 4. execute and fetch the resulting HTML output by putting into $output $output = curl_exec($ch); // 5. free up the curl handle curl_close($ch); //$output = str_replace('<body', '

gyst · April 21, 2016, 11:48am

A zope server with <?php compiler support? Interesting

ccbernardo · April 21, 2016, 11:50am

no, the php its on another web server but it call a page on plone to an iframe

mikemets · April 28, 2016, 11:58am

For testing on my local machine, I add the following to my nginx headers to allow everything through:

            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'X-Frame-Options' '';
            add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'";

ccbernardo · May 4, 2016, 8:20am

I've already tried to modify headers on apache but it's not working. I don't think I've nginx server and I cann't found plone folders on linux file system..

jensens · May 4, 2016, 8:27am

So I don't use Apache anymore, but some >5 years ago, when I used Apache, there was already mod_headers, which I suppose is the thing you're looking for. Its rather well documented https://httpd.apache.org/docs/current/mod/mod_headers.html

ccbernardo · May 4, 2016, 8:58am

Do you know where plone web site folders use to be on the linux file server?

Usually on apache website are on /var/www but not in this case..

jensens · May 4, 2016, 9:32am

Plone is a CMS, so there is no such thing like a file-system to serve pages from. Plone starts it own webserver on a specific port (8080 by default) and Apache only proxies the requests to it. Plone uses a database for its content. The paths in the URL are translated to objects in the database which are then rendered as HTML using page templates.

ccbernardo · May 4, 2016, 9:38am

ok thanks.

I'm trying to solve this issues with browsers:

http://www.sotinco.pt/profissional/calculadora

it works fine on chrome but it won't work on firefox, any idea?

its an iframe..

espenmn · May 4, 2016, 11:40am

Do you really need to iframe a page from your own domain?
writing a browser view or use diazo seems like better approaches to me

ccbernardo · May 4, 2016, 11:56am

this is an old website, the web developer left the company and I'm new at this company, didn't met the last developer so I'm trying to do the requested think without changing lots of think on plone, I don't know how plone works...

If I can do this without an iframe it would be fine, I'm not a python dev