Yeah... you can't do that in a web browser - it would be insecure to allow your site to access the other URL (https://groups.google.com/forum/#!forum/ nodejs) from their browser - otherwise I could make a website which, every time you visit it, it posts a message, as you, to this group, saying whatever I want! You need explicit permission (in the form of the owner of the other website adding headers, or having (unrelated to CORS) an embeddable/iframe API to send secure messages to your part of the page) to allow your website to talk to it using your visitor's authentication.
You can do something *similar* on the server though - using something like the "request" module, you can have your server go and access the other URL (though, it would be authenticating as your server, not as which user is currently viewing your site, as there's no way for your site to get the private cookies for another website), and then pipe that data back to your clients as if it came from your site. But if you want to get a user's personalized version of another 3rd party site, it's just not possible due to good security reasons. On Friday, August 22, 2014 1:21:26 AM UTC-7, nnodejs wrote: > > Thanks a lot Jimb! > > The problem is on my knowledge about cross-domain.... Probably I haven't > explained it correctly before. I try it again :) > > I want build a app where users write something(*example:" nodejs"*) and > with a request to a url (example: " > https://groups.google.com/forum/#!forum/nodejs";), that way, the users > could see in my index.html some relevant info from > https://groups.google.com/forum/#!forum/nodejs, so I have to parse this > url, but I don't know how, all time i can read this *XMLHttpRequest > cannot load https://groups.google.com/forum/#!forum/ > <https://groups.google.com/forum/#!forum/>nodejs. No > 'Access-Control-Allow-Origin' header is present on the requested resource. > Origin 'http://localhost:3000 <http://localhost/>' is therefore not allowed > access. *on my console. > > > I want to learn to do it with express. > Some suggestion? I need it.. > > Thanks a lot! > > El viernes, 22 de agosto de 2014 00:11:16 UTC+2, Jimb Esser escribió: >> >> I think you might have some things backwards (or possibly your example >> confused me). If you want a page on your site to do a cross-origin request >> to www.google.es, then www.*google.es <http://google.es>*'s server >> needs to add the Access-Control-Allow-Origin: headers, not your site. >> There's no way your server can add permissions to allow your webpage to >> access a 3rd party's site (otherwise it would be trivial to embed something >> in your page which, for example, reads all of the user's email and posts it >> back to your server). >> >> Also, expanding on what Aria mentioned, in your example, google.es would >> need to explicitly add "Access-Control-Allow-Origin: your_actual_host.com", >> not "*" if you're logging in with credentials. >> >> Hope that helps clear things up, >> Jimb >> >> On Wednesday, August 20, 2014 2:38:09 PM UTC-7, Aria Stewart wrote: >>> >>> >>> On Aug 20, 2014, at 2:45 PM, nnodejs <[email protected]> wrote: >>> >>> Hi guys! >>> >>> I have a problem using Ajax (side client) when I'm trying to request >>> from other domain, I know that this is caused by cross domain, but I can't >>> find any solution to fix it! >>> My app have to parse a HTML webpage to use some relevant information of >>> it. So I use Ajax to get it. >>> here is my code on the server, I'm using express.js: >>> >>> >>> [snip] >>> >>> >>> res.header("Access-Control-Allow-Origin", "*"); >>> >>> >>> [snip], client: >>> >>> xhrFields: { >>> >>> withCredentials: true >>> >>> }, >>> >>> >>> The combination of these two isn't allowed: give a specific origin. * >>> isn't allowed in combination with withCredentials. >>> >>> Aria >>> >> -- Job board: http://jobs.nodejs.org/ New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/f20efe45-b184-47bb-b8c2-c949f0bcb1d1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
