I need to modify headers to prevent this kind of error but I cann't found where I can do that, anyone?
XMLHttpRequest cannot load http://sotinco.pt/profissional/pontos-de-venda/portugal/distritos.json. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://demo.paloalto.pt' is therefore not allowed access.
getPontosDeVenda.php:1 XMLHttpRequest cannot load http://sotinco.pt/profissional/pontos-de-venda/portugal/pontos.geojson. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://demo.paloalto.pt' is therefore not allowed access.
Usually you want to set such headers inside the reverse proxy, e.g. in Apache using the mod_headers module:
If the related code is under your control you can explicitely set headers inside a browser view using
Thanks for your reply,
the problem is when I open the page on the iframe there is no problem because the page is access-control-allow-origin:*, the problem are with the json files
I think I should modify the headers for this files but I don't know where
I've a php to open this on the iframe:
// 1. initialize
$ch = curl_init();
// 2. The URL containing the iframe
$url = "http://sotinco.pt/profissional/pontos-de-venda/portugal";
//$url = "http://sotinco.pt/profissional/catalogos/listar_catalogos";
// 3. set the options, including the url
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 2);
curl_setopt($ch, CURLOPT_MAXREDIRS, 10);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
// 4. execute and fetch the resulting HTML output by putting into $output
$output = curl_exec($ch);
// 5. free up the curl handle
//$output = str_replace('<body', '
A zope server with
<?php compiler support? Interesting
no, the php its on another web server but it call a page on plone to an iframe
For testing on my local machine, I add the following to my nginx headers to allow everything through:
add_header 'Access-Control-Allow-Origin' '*';
add_header 'X-Frame-Options' '';
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'";
I've already tried to modify headers on apache but it's not working. I don't think I've nginx server and I cann't found plone folders on linux file system..
So I don't use Apache anymore, but some >5 years ago, when I used Apache, there was already mod_headers, which I suppose is the thing you're looking for. Its rather well documented https://httpd.apache.org/docs/current/mod/mod_headers.html
Do you know where plone web site folders use to be on the linux file server?
Usually on apache website are on /var/www but not in this case..
Plone is a CMS, so there is no such thing like a file-system to serve pages from. Plone starts it own webserver on a specific port (8080 by default) and Apache only proxies the requests to it. Plone uses a database for its content. The paths in the URL are translated to objects in the database which are then rendered as HTML using page templates.
I'm trying to solve this issues with browsers:
it works fine on chrome but it won't work on firefox, any idea?
its an iframe..
Do you really need to iframe a page from your own domain?
writing a browser view or use diazo seems like better approaches to me
this is an old website, the web developer left the company and I'm new at this company, didn't met the last developer so I'm trying to do the requested think without changing lots of think on plone, I don't know how plone works...
If I can do this without an iframe it would be fine, I'm not a python dev