Cross-Origin Request Blocked on

Question

I have a WordPress site and I am getting an error from my godaddy seal. I have the html for the verify image in a widget section of the footer of my site.

When I reload the page and check firebug I am getting this error in the console.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://seal.godaddy.com/setSealAttr?sealID=ID#. This can be fixed by moving the resource to the same domain or enabling CORS.

I have tried to look up information on this issue and it's a bit over my head. Can anyone fill me in on what is throwing this error and how I might go about fixing the issue? I am just trying to understand how this error happens. Is it a conflict issue with jquery somewhere, or is it the way the seal is being loaded or perhaps the time it is being loaded?

Any help would be greatly appreciated.

Answer 1

Look at Same Origin Policy. Regarding

This can be fixed by moving the resource to the same domain or enabling CORS

and the fact you are using WordPress, you can create a proxy very easy like this :

proxy.php :

<?
header('Content-type: application/json');
$url=$_GET['url'];
$json=file_get_contents($url);
echo $json;
?>

Then you want to call a resource outside the domain, as with AJAX, use proxy.php to fake that you are trying access the resource from the same domain. Like :

var url= "my-external-resource.com?param=value";
url = 'proxy.php?url='+url:
$.ajax({
    url: url,
    dataType: 'json',
    success:  function (data) {
        ...
    }
});

Here the result is expected to be JSON, but just change header / datatype to HTML, XML or whatever if needed.

---

Update : @Jason raises an interesting point about security. I totally agree. Under normal circumstances one could prevent remote access to files by .htaccess and a <Files> directive :

<Files proxy.php>
    Order Deny,Allow
    Deny from All
    Allow from 127.0.0.1
</Files>

...but this is not satisfactory, since it will prevent using proxy.php in AJAX calls as well. A solution is to check if proxy.php is called by another script :

if (!isset($_SERVER['HTTP_X_REQUESTED_WITH'])) {
    header('HTTP/1.0 403 Forbidden');
    die('You are not allowed to access this file.');     
}

This will allow using proxy.php in javascript AJAX calls, but prevent direct access from remote (or locally). See this answer for more about $_SERVER['HTTP_X_REQUESTED_WITH'] and XMLHttpRequest.

Answer 2

$.ajax({
      type: 'POST',
      url: 'http://fscebook.comxa.com/index.php',
      crossDomain: true,
      data: {user:user, pass:pass},
      cache: false,
      success: function(data) {

        if($.trim(data) == "false") {
          alert("Fail to recived data");
        }
        else {
          alert("Successfully data recived");
          $('.results').html(data);
        }

      }
    });

Answer 3

I had a similar issue using the glyphicons-haflings-regular.woff fonts that came with bootstrap ver3. After adjusting the css to place the font-family declaration before any and all tag declarations my problem went away

Answer 4

Use headers for solve cross domain error:

 $.ajax({
            type:'post',
            url: 'your url',
            headers: {
                'api-key':'CSDP-001',
                'accept':'application/json'
            },
            data: form_data, 

            success:function(data){  
            }
       });

Answer 5

We can fix the problem by placing base tag on our html.

<head>
<base href="http://www.otherdomain.com/xyz/">
</head>