CORS Policy blocked page

http://makeups.epizy.com

Error Message

I’ve been trying to implement a page to show the movements of accounts after clicking on the corresponding row. I use $.when($.get) in orde to achieve that, but I always get this error message:

Access to XMLHttpRequest at 'https://errors.infinityfree.net/errors/403/' (redirected from 'http://makeups.epizy.com/home/vol6_1/epizy.com/epiz_33342457/htdocs/core/modules/ventas/view/movimientos/listas.php?cac=1') from origin 'http://makeups.epizy.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. jquery-1.10.2.js:6          
GET https://errors.infinityfree.net/errors/403/ net::ERR_FAILED

Below you can see the code to retrieve the data and the code in listas.php that I’m using to prove the response.

I’ve tried changing the URL’s from absolute to relatives but anyhow I’ve not gotted
Please help me to identify the error
[dWillls=“Summary”]
This text will be hidden
[/details]

Other Information

(other information and details relevant to your question)

Hello

When using include, don’t include htdocs in the path, as it is the root folder.

3 Likes

Hi Greenreader9, thanks for your response. I made the changes but I’m still getting the same error

Can you post your new code?

From the error, I’m suspecting that the “/home/vol6_1/…” part is the problem, as the error message mentions this:

(redirected from ‘http://makeups.epizy.com/home/vol6_1/epizy.com/epiz_33342457/htdocs/core/modules/ventas/view/movimientos/listas.php?cac=1’)

Additionally, visiting http://makeups.epizy.com/core/modules/ventas/view/movimientos/listas.php seems to give a 403 error, in contrast to eg. http://makeups.epizy.com/core/controller/Database.php, so this may be a permission issue (while it’s normal for web visitors to get denied, for example, the script seems to also get redirected to the 403 page). As I’m unfamiliar with PHP though, I’ll leave it to someone more experienced to answer if that could be playing any part.

5 Likes

Yeah the code paths are definitely not correct.


The first screenshot shows Javascript code. if you want to use AJAX to communicate to your website, you’ll need to query the URLs where you website code is available as. Specifying the full path on the server isn’t going to work because where exactly on the server your files are stored only matters within the server.


Conversely, in the second screenshot, you could include files through the full path, including the home folder and document root of your account. In fact, by starting the include directive with a slash, you’re using an absolute path. But your website files aren’t stored in the /htdocs folder on the server, they are stored in /home/vol6_1/epizy.com/epiz_XXXXX/htdocs.

Having the absolute path in the document root in your code everywhere isn’t great for portability, so it’s more common to either use relative imports or specify a configuration variable somewhere that hold the document root. So you don’t need to edit every file in your project if you ever need to switch accounts or providers.


But none of these things are going to fix your 403 error. As you can see in the article Redirected to InfinityFree 403 Forbidden page, the folder name modules is blocked on our server for security reasons.


The code paths do give me the feeling you’re using a CMS (Joomla?), and having your frontend code talk directly to view files does not seem to me like it’s the correct way to add additional routes to a CMS.


And finally, if you want to share code, please just share the code. Making an image of the code with fancy editor window decorations looks cool but is pointless and means I’m not going able to show you how your code could work because I can’t easily copy it to make changes.

6 Likes

Checking the article, it doesn’t seem like “modules” is referenced somewhere, “includes” is. Perhaps it should be added, if it’s indeed blocked?
My test on https://thirdssltest.epizy.com/modules/ doesn’t seem to reflect that, though (also tried core/modules).

4 Likes

Whoops, my bad! I got things mixed up.

4 Likes

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.