
In the browser, when I open my website by typing only mywebsite.com, the ajax request successfully hits my REST web service. But when I type www.mywebsite.com, I get this error:

XMLHttpRequest cannot load http://mywebsite.com/path Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.mywebsite.com' is therefore not allowed access.

The jQuery ajax request is:

return $.ajax({ url: "http://mywebsite.com/path/", type: "POST",

The website is deployed on AWS server, and below is the CORS configuration:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>PUT</AllowedMethod>
    <AllowedMethod>POST</AllowedMethod>
    <AllowedMethod>DELETE</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <ExposeHeader>x-amz-server-side-encryption</ExposeHeader>
    <ExposeHeader>x-amz-request-id</ExposeHeader>
    <ExposeHeader>x-amz-id-2</ExposeHeader>
    <AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>

I am unable to find the solution as to why adding www creates a problem.

Rajat
  • *"The website is deployed on AWS server,"* you say. Based on your CORS configuration, when you say "AWS server," you are actually talking about Amazon S3. But if that is true, then the two hostnames -- with and without www -- can't easily be served out of the same S3 bucket, so it's difficult to guess your actual setup (which we'll need, in order to pinpoint the problem). Unless you can explain in more detail how the *two* hostnames are working, your best bet might be to provide us with your site's domain name so that we can take a look at how it's built. – Michael - sqlbot Apr 09 '17 at 11:51
  • @Michael-sqlbot Yes, I am talking about amazon-s3. Website name is breakingtrade.com. If you do www.breakingtrade.com and select from drop down, you will receive error. Let me know if you require any other amazon configuration. – Rajat Apr 09 '17 at 12:22

1 Answer

It turns out your site isn't on Amazon S3, so I'm not sure why you showed an example of editing a CORS configuration on an S3 bucket.

Your site is actually running on Apache Coyote on an EC2 server.

The actual problem here is in your JavaScript. In the file MarketProfile.js you've got some strings sort of minimally obfuscated using hex.

return $.ajax({url:"
\x68\x74\x74\x70\x3A\x2F\x2F\x62\x72\x65\x61\x6B\x69\x6E\x67\x74\x72\x61\x64
\x65\x2E\x63\x6F\x6D\x2F\x72\x65\x73\x74\x2F\x72\x65\x73\x74\x2F\x63\x6F\x6D
\x62\x69\x6E\x65\x64

That's equivalent to this:

http://breakingtrade.com/rest/rest/combined

When you're loading this from the main web site, it's not cross-origin. When you're loading it from the www site, it's a cross-origin request, because the hostname is different.

Fixing this should be as simple as making url be a simple absolute path, specifying only '/rest/rest/combined' for this string, rather than including 'http://breakingtrade.com' at the beginning of the string.

Otherwise, you'll need to figure out how to make your server or at least this particular resource return CORS headers... but if you do that, of course, you'll want to be selective in which origins you allow, unless you want other people using your server to add data to their web sites (which could happen much more easily if you allow just any site to make a cross-origin request).

Michael - sqlbot
  • Yes, it's EC2. I thought policies on S3 affect EC2; sorry for my little understanding of AWS. Thanks a lot man, it's working now. – Rajat Apr 09 '17 at 13:20
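
Added example (not part of the original answer or the site's code): the origin comparison the browser applies to the ajax `url`, plus a sketch of the selective CORS response the answer recommends as the alternative. The hostnames are the ones from the question; `ALLOWED_ORIGINS`, `corsHeadersFor` and the allowed method and header values are assumptions made for illustration.

```javascript
// Resolve the ajax `url` the way the browser does (relative to the page)
// and compare origins: scheme, host and port must all match.
function isCrossOrigin(pageUrl, requestUrl) {
  const page = new URL(pageUrl);
  const target = new URL(requestUrl, page); // a path-only url inherits the page's origin
  return target.origin !== page.origin;
}

// Hypothetical server-side helper: choose the CORS headers for a request's
// Origin header. Only exact matches from the allowlist are echoed back,
// so look-alike hosts and arbitrary sites get no Access-Control-Allow-Origin.
const ALLOWED_ORIGINS = new Set([
  "http://breakingtrade.com",
  "http://www.breakingtrade.com",
]);

function corsHeadersFor(originHeader, allowed = ALLOWED_ORIGINS) {
  // Vary: Origin stops caches from reusing one origin's response for another.
  const headers = { Vary: "Origin" };
  if (typeof originHeader === "string" && allowed.has(originHeader)) {
    headers["Access-Control-Allow-Origin"] = originHeader;
    headers["Access-Control-Allow-Methods"] = "POST";        // assumed: the endpoint only takes POST
    headers["Access-Control-Allow-Headers"] = "Content-Type"; // assumed: header that triggers the preflight
  }
  return headers;
}

// Constructed cases mirroring the question: same script, two page hostnames.
const cases = [
  ["http://breakingtrade.com/", "http://breakingtrade.com/rest/rest/combined"],
  ["http://www.breakingtrade.com/", "http://breakingtrade.com/rest/rest/combined"],
  ["http://www.breakingtrade.com/", "/rest/rest/combined"],
];
for (const [page, url] of cases) {
  console.log(page, "->", url, isCrossOrigin(page, url) ? "cross-origin" : "same-origin");
}
```
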