Hi,
I've been searching around but haven't been able to find something that fixes my issue.
I'm trying to debug an issue on a production server. I had no trouble on windows 7 but on the new windows 8 laptop I'm not having any success.
The error that comes up is:
The Same Origin Policy disallows reading the remote resource.
This is in chrome and firefox.
The file I'm trying to respond with is on my desktop. You can see the settings I'm using in the attached fiddler.png.
Anyone have any ideas on what the issue could be?
I've been searching around but haven't been able to find something that fixes my issue.
I'm trying to debug an issue on a production server. I had no trouble on windows 7 but on the new windows 8 laptop I'm not having any success.
The error that comes up is:
The Same Origin Policy disallows reading the remote resource.
This is in chrome and firefox.
The file I'm trying to respond with is on my desktop. You can see the settings I'm using in the attached fiddler.png.
Anyone have any ideas on what the issue could be?
4 Answers, 1 is accepted
0
Accepted
Hi, Glenn--
You can learn about Same-Origin-Policy in browsers here: http://blogs.msdn.com/b/ieinternals/archive/2009/08/28/explaining-same-origin-policy-part-1-deny-read.aspx
In order for a web page running in one origin to read a response (e.g. using XMLHttpRequest) from another origin, that target resource must have an Access-Control-Allow-Origin response header. You could add such a header with Fiddler for debugging purposes (e.g. using the Filters tab or FiddlerScript) but obviously that will not work in a production environment because your users will not be running Fiddler.
Regards,
Eric Lawrence
Telerik
You can learn about Same-Origin-Policy in browsers here: http://blogs.msdn.com/b/ieinternals/archive/2009/08/28/explaining-same-origin-policy-part-1-deny-read.aspx
In order for a web page running in one origin to read a response (e.g. using XMLHttpRequest) from another origin, that target resource must have an Access-Control-Allow-Origin response header. You could add such a header with Fiddler for debugging purposes (e.g. using the Filters tab or FiddlerScript) but obviously that will not work in a production environment because your users will not be running Fiddler.
Regards,
Eric Lawrence
Telerik
Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.
0
Glenn
Top achievements
Rank 1
Rank 1
answered on 23 Oct 2014, 12:09 AM
Hi Eric,
Thanks for the information. I'm aware of what Same-Origin-Policy is but wasn't sure why I was suddenly getting it after changing OS's.
The filter tab was what I needed to fix! Thanks for that.
The reason I'm doing this is so I can debug an issue a user found without having to recreate all their content. I can just log into their account with fiddler on. No need for my users to run fiddler.
For anyone else reading this that isn't sure how to add in the Access-Control-Allow-Origin response header see the attached image.
Thanks for the information. I'm aware of what Same-Origin-Policy is but wasn't sure why I was suddenly getting it after changing OS's.
The filter tab was what I needed to fix! Thanks for that.
The reason I'm doing this is so I can debug an issue a user found without having to recreate all their content. I can just log into their account with fiddler on. No need for my users to run fiddler.
For anyone else reading this that isn't sure how to add in the Access-Control-Allow-Origin response header see the attached image.
0
Just to clarify one aspect of your screenshot, "Run Filterset Now" applies your filters to the *previously captured* traffic. (You don't need to do that, since you only want this filter applied on *future* responses.)
Regards,
Eric Lawrence
Telerik
Regards,
Eric Lawrence
Telerik
Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.
0
Glenn
Top achievements
Rank 1
Rank 1
answered on 25 Oct 2014, 03:59 AM
Thanks :)