Active4D CORS.ini advice sought

7 views
Skip to first unread message

David Ringsmuth

unread,
Aug 16, 2024, 12:53:13 PM8/16/24
to Active4D

I’m testing an app that requires Active4D Cors.ini entries.

 

My local development host ip address http/s serves documents that when loaded into a 4D web area, then loads iframes with code from *.authorize.net.

 

Those iframes post to *.authorize.net and receive a response, and use javascript to post to their parent.parent 4D remote web area container frame hosted by my local host ip address.

 

So I have two CORS entry requirements

 

1)

Origin: From my local host IP address (http://10.0.0.216)

Target: *.authorize.net  (https://test.authorize.net)

 

2)

Origin: *.authorize.net  (https.authorize.net)

Target: localhost IP address (http://10.0.0.216)

 

For testing purposes to allow all cross origin requests I thought this would work:

 

http:// *

Access-Control-Allow-Origin: *

 

https:// *

Access-Control-Allow-Origin: *

 

/* for implementation the following is intended */

1)

https://*.authorize.net

Access-Control-Allow-Origin: <targetOrigin>

 

2)

http://<targetOrigin>

Access-Control-Allow-Origin: https://*.authorize.net

 

The entries above did allow the first type of CORS request, but not the second one. The second attempt causes this error message in the console:

 

Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://10.0.0.216') does not match the recipient window's origin ('https://test.authorize.net')

 

Please recommend the Active4D Cors.ini entries to allows both kinds of CORS request.

 

Thanks!

David Ringsmuth

612-840-1430

 

Reply all
Reply to author
Forward
0 new messages