Suppose you want to use your website to pull data from another website? This presentation discusses CORS and how to build a simple application that allows you to achieve the objective.
7. The web-page
• Write a Joomla article (set your editor to “none” so that you
can use <script> elements)
<div id="kQA_technical">
<p class="blog">This is a simple demonstration of an application that
reads a text file from another website and displays the information
here on this page.</p>
<div class="releaseNotes">CHANGELOG <a name="changelog"><span
class="releaseNotes" title="Hide/display changelog"
onclick="kQA_readTextfile('http://www.site-b.com/textfile.txt');"> </span></a>
<pre id="kQA_RNotes"> </pre>
</div>
</div>
<script type="text/javascript" src="libraries/rnReader.js"></script>
8. To allow access from a single site, add the following
lines to the end of your .htaccess file:
# Trust AJAX read requests from site-a
Header set Access-Control-Allow-Origin "http://www.site-a.com"
Header set Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header set Access-Control-Allow-Methods "PUT, GET, POST"
Header set Access-Control-Allow-Credentials true
To allow access from any site:
# Trust AJAX read requests from any site
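Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header set Access-Control-Allow-Methods "PUT, GET, POST"
# Browsers reject credentialed requests when Allow-Origin is "*",
# so the next line has no effect with the wildcard.
Header set Access-Control-Allow-Credentials true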
You have a website (we will call this site-a) and it needs data from another site (site-b). This might be useful if site-b’s data changes and site-a wants to get the current data without the website owner having to download and host it themselves.
A problem arises because of the same-origin policy under the web application security model.
Under the policy, a web browser permits scripts contained in a first web page to access data in a second web page, but only if both web pages have the same origin. An origin is defined as a combination of URI scheme, hostname, and port number. This policy prevents a malicious script on one page from obtaining access to sensitive data on another web page through that page's Document Object Model.
Yeah, if you search for “Cross-origin resource sharing” or CORS on the internet, the information you’re likely to get is a minefield for the total novice. Fortunately, most of the technical gumph is not really necessary. Implementing CORS is actually not too difficult.
What is a “CORS-aware” browser? (click) – they all are!
The application reads a text file located on another server using a small JavaScript script embedded in a Joomla article.
Create the file and save as <joomla-root>/libraries/rnReader.js
Now you need to embed the script in your web-page. For this example I am using a Joomla article. You cannot use any of the WYSIWYG editors, like TinyMCE for example, to save the HTML if it contains a <script> tag, so you need to set your editor to “none” to create articles on your website. After you have saved the page (and proven that it works) you can set your editor back to something else; however, you need to remember that, in future, if you edit the article with a Joomla editor that cleans up the HTML when you save it, you will lose the <script> tags.
The asterisk wild-card permits scripts hosted on any site to load your resources; listing a specific <base URI> will permit scripts hosted on the specified site -- and no others -- to load your resources.
It is not possible to grant access to multiple specific sites, nor use a partial wildcard match. It is also not possible to specify more than one Access-Control-Allow-Origin header.
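Because the header carries only one origin, a server that must serve several sites usually compares the request's Origin header against an exact-match allowlist and echoes it back only on a match. The JavaScript (Node.js) sketch below is an added example, not code from the presentation, and goes beyond the .htaccess approach in the slides. The allowlist entries, the site-c name and the function name corsHeaders are assumptions.

```javascript
// Constructed allowlist: site-a is the page's consumer site; site-c is a
// hypothetical second consumer added for this example.
const ALLOWED_ORIGINS = new Set([
  'http://www.site-a.com',
  'https://www.site-a.com',
  'http://www.site-c.com',
]);

// Build the CORS response headers site-b would send for one request.
// requestOrigin is the value of the request's Origin header (may be absent).
function corsHeaders(requestOrigin, { credentials = false } = {}) {
  // The response now depends on Origin, so shared caches must key on it.
  const headers = { Vary: 'Origin' };

  // Exact string comparison only: no substring, suffix or regex matching,
  // and the literal origin "null" is never trusted.
  if (typeof requestOrigin !== 'string' || !ALLOWED_ORIGINS.has(requestOrigin)) {
    return headers; // no Allow-Origin header: the browser withholds the response from the script
  }

  headers['Access-Control-Allow-Origin'] = requestOrigin; // one origin, echoed back
  headers['Access-Control-Allow-Methods'] = 'GET';        // the demo only reads a text file
  if (credentials) {
    // Valid only because the origin above is specific, never "*".
    headers['Access-Control-Allow-Credentials'] = 'true';
  }
  return headers;
}

// Constructed sample Origin values, including look-alikes that must be refused.
const samples = [
  'http://www.site-a.com',
  'http://www.site-c.com',
  'http://www.site-a.com.other.example',
  'http://notwww.site-a.com',
  'null',
  undefined,
];
for (const origin of samples) {
  const allowed = corsHeaders(origin)['Access-Control-Allow-Origin'] ?? '(not sent)';
  console.log(String(origin).padEnd(38), '->', allowed);
}
```

The `Vary: Origin` header is sent on every response, including refusals, so a cache cannot hand one site's allowed response to another site.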