Include php file with java

0

I'm doing a token support, like an api with an access token. I just can not get the information back when it's in another domain.

HTML

<div class="modal modal-fixed-footer show">
    <div class="modal-content">
        <h4>Aviso</h4>
        <p>Este Token é inválido.</p>
    </div>
    <div class="modal-footer">
        <a class="modal-action modal-close waves-effect btn-flat" href="//license.fullprog.com/comprar">Comprar</a>
    </div>
</div>

<script src="https://code.jquery.com/jquery-1.8.3.min.js"></script><scripttype="text/javascript">
	$(document).ready(function(){
		api();
	});
	function api(){
		$.get('http://license.fullprog.com/api/151519343520180105', function(resultadoplano){
			$('#body').html(resultadoplano);
		})
	}
</script>
<div id="body"></div>
    
asked by anonymous 06.01.2018 / 02:37

2 answers

2

You are having this problem while doing the ajax request:

  

Cross-origin request blocked: Same source policy (Same   Origin Policy) prevents the remote resource from being read    link . (Reason: o   CORS 'Access-Control-Allow-Origin' header is not present).

Basically, there is a blockage when an ajax request is made to a different domain from which the script is running. To resolve this problem you must enable access from other domains in your api. At mozilla mdn has some examples of how to allow, from the simplest to the most complete .

A basic solution would be to allow access to anyone by adding a header at the top of each file that can be accessed. More or less like this:

<?php
//acesso a parti de qualquer dominio
header('Access-Control-Allow-Origin: *');
//acesso a partir de um dominio especifico
//header('Access-Control-Allow-Origin: http://dominio.com');

This should solve some of your problems. For a more complete control you can limit which http methods are able to access (GET, POST, PUT, DELETE, etc). In practice you should only return these access control headers when, when the browser makes a request with the HTTP OPTIONS method. So you could do this check like this (in every file, or on your front controller):

if($_SERVER['REQUEST_METHOD'] == "OPTIONS") {
    //dominios permitidos, use * para permitir qualquer um
    header('Access-Control-Allow-Origin: http://dominio.com');
    //metodo http permitidos
    header('Access-Control-Allow-Methods: POST, GET, OPTIONS');
    header("Content-Length: 0");
    header("Content-Type: text/plain");
    exit(0);
}
    
06.01.2018 / 15:55
1

You need to add the following code in the first line of your API:

header('Access-Control-Allow-Origin: *');

Learn more at: link

    
06.01.2018 / 16:01