-1

I'm working on creating a simple website with a local server, but whenever I send a GET request, the request keeps getting blocked. I'm currently working on Firefox, but I get the same issue when running on Chrome, so I don't think that it is a browser issue.

As far as my setup goes, I am hosting my web page locally, and I have a separate server that hosts various different files that I want to access (images, videos, text files etc). At the moment, I have a very simple html file that has a button that shoots off an http GET request, but for some reason, the request keeps getting blocked.

The request will only succeed if I send a get request to the same server that I am currently connected to. By that I mean, if I access my webpage using http://localhost, and send a get request to http://192.168.1.85/blah, it gets blocked, but if I send the http request to http://localhost/blah, it goes through.

Also, if I inspect the network traffic, if I right click on the blocked request and select "resend", it goes through fine. I do not have Request Blocking enabled (and I have no request blocking rules created) so that shouldn't be an issue. Another weird thing that I'm seeing is that if I click on the blocked request, the server gets hit and sends a response with a response code of 200, so as far as the server can tell, nothing is wrong. It is just getting blocked at the web browser.

Does anyone know what is going on, or what I can do to fix this?

Attached is a picture of my network inspection and the html file I'm using to generate my results.

enter image description here

<html>
<head>
    <script>
        function getCookie(cname)
        {
            var name = cname + "=";
            var decodedCookie = decodeURIComponent(document.cookie);
            var ca = decodedCookie.split(';');
            for(var i = 0; i < ca.length; i++)
            {
                var c = ca[i];
                while (c.charAt(0) == ' ')
                {
                    c = c.substring(1);
                }
                if (c.indexOf(name) == 0)
                {
                    return c.substring(name.length, c.length);
                }
            }
            return "";
        }

        function setCookie(cname, cvalue, exdays)
        {
            document.cookie = cname + "=" + cvalue + ";path=/";
        }
        
        function signIn()
        {
            var xmlHttp = new XMLHttpRequest();
            
            xmlHttp.onreadystatechange = function()
            {
                if(xmlHttp.readyState == 4)
                {
                    //This code only gets hit if I remove the conditional to check for a 200 status code
                    //But doing that causes my response headers to be empty
                    alert(xmlHttp.getAllResponseHeaders());
                }
            }
            
            xmlHttp.open("GET", "http://localhost:52580", false);
            xmlHttp.send(null);
        }
    </script>
</head>
<body>
    <button onclick="signIn()">Click Me</button>
</body>
Steve Pulse
  • 59
  • 1
  • 8
  • You cannot try to access things from different servers cuz that would be big security issue. Try hosting all files on same server. – Jon Nezbit Aug 17 '20 at 21:34

1 Answers1

0

Probably you should let the server respond with CORS? This would be the best option to control CORS on server/backend level.

Access-Control-Allow-Origin: *

Or try to use this Chrome plugin maybe? https://chrome.google.com/webstore/detail/allow-cors-access-control/lhobafahddgcelffkeicbaginigeejlf?hl=en

Antonis Adamakos
  • 68
  • 1
  • 3