same-origin-policy

I have been reading and playing around with Chrome Extensions for the last week or so but I'm having trouble trying to achieve what I want. What I am trying to create is an Extension that in the background (or silently) visits a website fills out a form on the web page and retrieves the response. The website doesn't have an API and I can't create a server to do this as the website only allows X requests per IP per hour so my requests would be exhausted after a few users. So my idea was to create a background page that would have some javascript to fill out the form using JS to getElementById,

In my WCF service I was getting 405 method not allowed error and then came across a post which suggest to have the following in Application_BeginRequest of my WCF host: protected void Application_BeginRequest(object sender, EventArgs e) { if (HttpContext.Current.Request.HttpMethod == "OPTIONS") { HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Accept, Content-Type,customHeader"); HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS"); HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "172800"); HttpContext.Current

I've made a component for an SAP solution (whatever) that is embedded into a report through an iframe. After I deployed the report on an SAP plateform (BO), I got this error (on Chrome, but does not work on IE or FF either): Uncaught SecurityError: Blocked a frame with origin "http://support.domain.com" from accessing a frame with origin "http://support.domain.com". The frame requesting access set "document.domain" to "domain.com", but the frame being accessed did not. Both must set "document.domain" to the same value to allow access. The iframe is embedded into my component so it's suppose to

I've tried reading up about this and not really sure where to start, so hoping somebody will be able to point me in the right direction. Basically I'm trying to use jQuery ajax to read an external website and retrieve a list of links from it. No particular reason as such at the moment, just wanted to see if I could challenge myself by doing it. In doing so I've read up a little about the Same Origin Policy and understand it (sort of) but could do with some pointers. Is this possible to do? I've been looking at the scrabble points calculator used by Kate Spanos, for example, and her jQuery code

In the following HTML mockup, the nested iframes are originating from different subdomains. This is causing messages such as error: Permission denied to access property "document" <html> <head> <title></title> </head> <body> <div> <iframe id="outer_iframe_1" src="https://subdomain1.example.com"></iframe> </div> <div> <iframe id="outer_iframe_2" src="https://subdomain2.example.com"> <div> <iframe id="inner_iframe_2" src="https://subdomain4.example.com"></iframe> </div> </iframe> </div> <div> <iframe id="outer_iframe_3" src="https://subdomain3.example.com"></iframe> </div> </body> </html> I am

I have a client and a server. My work flow is as follows: The server uploads a snippet to youtube with API v3 and gets a resumable url (Youtube v3 API for resumable uploads - https://developers.google.com/youtube/v3/guides/using_resumable_upload_protocol ) This url is send from my server to the browser where the browser makes an ajax PUT request to upload the actual file to the resumable url. In this way the file is not transferred to the server, but directly uploaded from the client. As a result I get an error and the file can not be uploaded. XMLHttpRequest cannot load https://www.googleapis

I have a page at an internal server, server1.mydomain.com/page.jsp and another page at a different internal server, 10.x.x.x:8081/page.aspx. On server1.mydomain.com, I set document.domain in page.jsp like this: //page.jsp on server1.mydomain.com document.domain = document.domain; When I issue an alert on document.domain, it comes up as server1.mydomain.com. On the 10.x.x.x server, I set document.domain in page.aspx, as a result, like this: //page.aspx on 10.x.x.x document.domain = "server1.mydomain.com"; // test if same-origin policy violation occurs document.getElementById("div_el").innerHTML