I can access the secure website without problems when I run the HTTP.get
and HTTP.post
commands from the server, using headers to identify myself via a cookie and with the required credentials. I’m using the HTTP package.
However I want the same to happen from the client itself. Here’s the code on the client side:
HTTP.get('https://www.securewebsite.com/login1.php', {
timeout: 30000,
headers: {
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
"Upgrade-Insecure-Requests": "1",
// "DNT": "1",
"Accept-Language": "en-US,en;q=0.8,de;q=0.6"
// 'Accept-Charset' : 'utf-8',
// "Cookie": cookie
}
}, function (err, res) {
if (err) {
// some error handling code
} else {
// doing something with res
}
});
I had to comment out the Accept-Charset
, DNT
and cookie
header as they were flagged as insecure. Error message eg: Refused to set unsafe header "DNT"
However even then I get OPTIONS
shown in the browser inspector (Chrome) and the following error message shows up:
XMLHttpRequest cannot load https://www.securewebsite.com/login1.php. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 501.
Please note than https://www.securewebsite.com/login1.php
is just an example, not the real website I’m calling. You can try http://www.awest.de/
as a real example. As seen from the error message I’m currently calling it from local.
Any idea how I can achieve this? Am I missing some specific header? I’ve tried other URL’s as well (including my own webspace http://www.awest.de/) but I get the same error message, so it doesn’t has anything to do with the URL I’m trying to GET from. It seems more a browser issue where it wants to stop some x-script execution (if I understand it correctly from what I read).
To explain why I want to access it from the browser: I don’t want to violate the server’s policy and thus requests should come from the clients IP-address and not my servers IP-address. I’m using two apps, one is just hosting the client side code and a second one is hosting only server side code.
Thanks for your help in advance, appreciated!