This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support

why i keep getting this message while trying to send a post request to my php file using ajax ?
the file is used to save query strings into a file
<?php

$text = $_SERVER['QUERY_STRING'];
$date = gmdate ("d-n-Y");
$time = gmdate ("H:i:s");
$ip = $_SERVER['REMOTE_ADDR'];
$message .= "----------\n";
$message .= "content: ".$text."\n";
$message .= "IP: ".$ip."\n";
$message .= "Log : $time / $date \n";
$rnessage = "$message\n";
$file = fopen("cookie3.txt","ab");
fwrite($file,$message);
fclose($file);
?>

is there any fix to this ?

@Ergastolator1 so that’s a no to xmlhttp get request ?

Yes, because this hosting is intended as a website hosting, not an API/data storage hosting.

1 Like

Just to clarify the article: using AJAX should work fine, but only if the page you’re launching the AJAX request from is on the same domain as the URL you’re sending the request to. Doing AJAX requests from other websites is not possible.

So if you have the script at website example.com/log.php, you can do AJAX from example.com or example.com/forum/topic/123.php, but not from example.net.

@Admin why isn’t
Access-Control-Allow-Origin header can be added to the php file ?

Because of the security system that is present on all websites and cannot be deleted.

Oh, you can send that header from your website. But the security system will block CORS requests before they hit your website, so the headers will only be sent to clients which have a valid access cookie.

So you can send CORS headers, but doing so will not let you do CORS.

why you making it not so flexible!

For starters, this is a useful security feature for websites. It helps to protect your website against malicious bots and attacks. And before you say “but my website is secure and I don’t need this system”, know that many people will disable any security measure without proper consideration because it inconveniences them, and then it’s our servers getting overloaded when the website inevitably gets attacked, and we’re getting asked to help fix it (or even get blamed for it) when that happens.

Additionally, we provide a website hosting service for hosting websites. We don’t want people to use our service for file storage, database hosting, API hosting and so on. This system helps to enforce these rules.

2 Likes

The only way I can see that you can fix the no-javascript issue is to check if the browser has javascript, this appears to be the only way to complete a server connection.

The main issue that I am seeing about ajax calls and specific built in php calls, is that there is a major issue with security and the way in which people have been using the various pre-built solutions (github.com has created a large amount of code that is both insecure and vunerable to misuse) the main answer is to resolve the situation with test answers that will result in the same no-java response and then trickle down the list of requests to find the offending code.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.