All geek questions in one place

How can I get around the “ports, protocols, and domains” that should match the CORS issue during development?

I have a local site with ASP.Net MVC 3 through HTTP and HTTPS through IIS Express.

The HTTP http://localhost:4000 , and HTTPS is https://localhost:44301 .

I'm trying to enable Stripe's payment API, but it really doesn't like the mismatch of ports, protocols, and domains. I tried using CORS to tell him that he trusts stripe.com, but it seems that this is due to a port mismatch, and I cannot figure out how to tell him to ignore this.

Adding the following heading does not cause any differences.

Access-Control-Allow-Origin: *

When accessing my payment page via HTTP, I get the following:

Blocked frame with source " https://checkout.stripe.com " from access to frame with source " http://localhost:4000 ". The access request frame has the protocol "https", the frame that is accessed has the protocol "http". Protocols must comply.

It gets worse when using SSL, since my local SSL port is not 443.

How do I tell CORS to ignore port mismatch during development?

+4
source share
3 answers

You can disable the same origin policy during development. Download chrome with the following argument: --disable-web-security

fooobar.com/questions/4914 / ...

+3
source

Have you received an error message? Use HTTP.

+1
source

I still get this message on my site:

Uncaught SecurityError: the frame with the source " https://checkout.stripe.com " from accessing the frame with the source code https://getaddress.io "is blocked. Protocols, domains and ports must match.

.. everything still works, so I won’t worry about that. There are not many that you can do with different domains.

-2
source

Source: https://habr.com/ru/post/1494544/

More articles:


All Articles