Not specificly related to PW, but in a way it does.
I have setup two processwire installs on different sub-domains.
Scenario
:
1. Main website - visitors go here
http://www.domain.com/
2. Data API provider - RESTful API spitting out (cached) JSON objects
http://data.domain.com/
Website 1 loads data trough AJAX / Angular.js from website 2
Since PW by default has the following line in the .htaccess file it will prevent access from cross domains requests that load in an iframe
Header always append X-Frame-Options SAMEORIGIN
One solution i found was to put the following line in my template file (or somekind of init.php file) at website 2, allowing website 1 to access
header('Access-Control-Allow-Origin:
http://www.domain.com'
);
That worked nice, until i installed the Procache module from Ryan. A logic change, since PHP is completely bypassed it does'nt set the headers anymore.
The final solution: I removed the header line from the php file and put it in the .htaccess file just below the SAMEORIGIN line on website 2
Header always append X-Frame-Options SAMEORIGIN
Header set Access-Control-Allow-Origin: "http://www.domain.com"
Could be helpful to anybody, thats why i posted it here
Update: found a nice script allowing any sub-domain of the origin host
http://stackoverflow.com/a/19519690
I'm not sure how to aply to multiple domains or protocols.
Does anybody know how to allow traffic from lets say:
http://www.domain.com,
and
https://www.domain.com
at the same time?
I tried several methods but they all failed
These below do not work
Gives a 500 Internal server error
Header set Access-Control-Allow-Origin "http://domain.com", "https://domain.com"
Gives a CORS browser error
, blocking the result to be retrieved
Header add Access-Control-Allow-Origin "http://domain.com"
Header add Access-Control-Allow-Origin "https://domain.com"
Gives also a CORS browser error
, blocking the result to be retrieved
Header add Access-Control-Allow-Origin "[http|https]://domain.com"
so, forgive me if this is a completly other thing, but what about a
crossdomain.xml
file? Is this used for something other?
<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="example.com" />
<allow-access-from domain="www.example.com" />
<allow-access-from domain="data.example.com" />
</cross-domain-policy>
@horst i'm not familiar with any of this. so i'm not sure what that file crossdomain.xml does or doesnt do. It seems to have similar words in the tags so it might be some kind of solution too.
Anyway regarding multiple domain names and/or protocols, i stumbled up on the following thing on stackoverflow which seems to work fine, so that might be it. have'nt dont further testing, but lets see if it fails i will post here again
http://stackoverflow.com/a/23998863
Hi Guys,
I've been trying to figure out how I can get the iframe to show the title of the page it is loading.
I was thinking in the lines of a jQuery script that adds a title attribute to the iframe of maybe a addition
to the header line in .htaccess? Does anybody have a clue of this would be possible?
?
Thanks in advace!
If the page you are loading in the iframe is on the same domain as your site you can get the title by finding it within jQuery
contents()
- google it for details.
If the page is not on the same domain then you cannot get the iframe contents (and therefore the title) via Javascript. You could get the page contents via PHP (e.g. PW WireHttp) and use DOMDocument or similar to find the title, but the simplest thing might be to use an external API like
http://textance.herokuapp.com/index.html
Never knew this was possible. I was going for dynamic loading of the title for each page loaded through the iframe but again I don't think that is possible since the frame and page are on different domains. So I just decided to give the iframe the same title as the page loaded. Which is already not bad since a Web alias provided by my host just copied the original url to the title.
