All geek questions in one place

Access-Control-Allow-Origin problem with and without www in url

I made a small gwt application and released it, but today I found a serious problem. I knew about the same problem with the original policy, so I installed the gwt application and the json application to rest on the same server. But, apparently, browsers do not consider http://www.xyz.com and http://xyz.com as the same source, so when a user lands on www.xyz.com, he cannot get data from http : //xyz.com .

This post is:

XMLHttpRequest cannot load http://xyz.com/backend/... Origin http://www.xyz.com is not allowed by Access-Control-Allow-Origin.

What is the best way to handle this? I googled and first found a .htaccess solution that does not work for tomcat. I ended up using an empty index.html landing page redirecting to url without www in it. This is not the best solution, because someone else can enter the URL from www, which is not going to index the page so that it is not redirected.

Any help would be appreciated.

+4
source share
2 answers

You should not use absolute URLs in your application unless absolutely necessary.

those. you must have "http://example.com" in your code if the application can be downloaded from http://www.example.com .

For example, if you want to load some data from, for example, http://example.com/abc/def , then enter "/abc/def" in your code, and not "http://example.com/abc/def" Thus, the browser will allow the URL http://www.example.com/abc/def if the application was downloaded from http://www.example.com or http://example.com/abc/def , if it is downloaded from http://example.com . And you never run the risk of getting into politics of the same origin.

+7
source

You should only host a website under one sub-domain. All traffic to http://www.example.com should be redirected to http://example.com or vice versa.

+1
source

Source: https://habr.com/ru/post/1397527/

More articles:


All Articles