NetTalk Central
NetTalk Web Server => Web Server - Ask For Help => Topic started by: DonnEdwards on March 06, 2020, 03:15:41 AM
-
Hi all, I am having a problem with Access-Control-Allow-Origin
I took the sample NetTalk Login code, and made a few cosmetic changes to reflect the name of my project, and built it and shipped it to a live server. See
http://kgoffice.co.za which instantly and gracefully redirects the user to https://kgoffice.co.za
Perfect!
If I use https://websniffer.cc/?url=https://kgoffice.co.za/ it shows (amongst other things in the header)
Access-Control-Allow-Origin: *which is correct, and the default.
However a lot of security review programs and websites complain that Access-Control-Allow-Origin should not be set to "*" but should be set to https://kgoffice.co.za
I tried changing it in the live server settings. See attachment ServerSettings.jpg
But this hasn't changed anything. https://websniffer.cc/?url=https://kgoffice.co.za/
still shows the Access-Control-Allow-Origin header as "*", even after closing the server and starting it again.
What should I be doing differently?
-
which build are you on?
-
I was on build 11.25 but I have now updated to build 11.30, including all the other packages, and recompiled. Everything is working correctly now.
I guess in addition to RTFM I should add Check the version number :D
-
The tests are working correctly, except for HTTP 404 and HTTP 403 errors. They are still giving
Access-Control-Allow-Origin: *
I'm not sure if this is a bug or by design. Either way, I can't see how it could be exploited.
-
I'll see if I can tweak it for the errors...