• 0

I think I'm fighting the Same Origin Policy

Asked by Shadrack,

 Share

Question

Grand Master

Shadrack

Posted
Posted

Hi!

About 10 years ago I basically LIVED in this forum. Now I'm returning to web development for a small project of porting my application that I've written in LabVIEW to be used over the web. The fact that I am using LabVIEW isn't really important. What is important is that my LabVIEW application is running a REST service on my port 8080, and I'm trying to consume that service using some Jquery in an html page running on IIS on port 80.

The service I'm using to get things going is a simple adding service that takes the form:

http://localhost:808...:input1/:input2

Where the output is the summation of the two inputs. So for example if I were to do a GET request for http://localhost:8080/add/1/2 the return would look like:

<Response>
<Terminal>
<Name>Output</Name>
<Value>3.000000</Value>
</Terminal>
</Response>

I can't even get this basic checkout to work:

	   	 $.ajax({
				type: "GET",
				url: "http://localhost:8080/add/1/2",
				success: function(data){		
					alert(data);
				}
			});

Doing some searching reveals that I'm up against the old "Same Origin Policy" because my script is being accessed through port 80 (where IIS lives) and is trying to place a call to port 8080 (where my web service lives).

So many friggen solutions out there! But I'm having trouble getting any of them to work. It would be great if my alert box would popup and give me the correct response. I think that some kind of reverse proxy might be a good solution, but the manner of setting that up in IIS 7 on Windows 7 Pro isn't sitting well (I'm thinking of switching to Apache just because it does this more gracefully I think).

Ultimately I do not think a reverse proxy will work on the production server because I am not the admin. And what I give them as a web service installation will be running on a different port (and possibly a different domain) than the front end javascript client.

Thanks for your time.

11 answers to this question

Recommended Posts

  • 0
Rising Star

tim_s

Posted
Posted

Hi,

Do you have a public facing IP?

I.e. how can I see your results to debug?

--

When you refer to the origin policy I am assuming you mean that you are sending the request from http://localhost(:80)/ to http://localhost:8080/?

  • 0
Grand Master

Shadrack

Posted
  • Author
Posted

Hi,

Do you have a public facing IP?

I.e. how can I see your results to debug?

--

When you refer to the origin policy I am assuming you mean that you are sending the request from http://localhost(:80)/ to http://localhost:8080/?

Sorry, I do not have a public facing IP right now (and do not have the authority to enable that).

Yeah, sending the request from http://localhost:80/ to http://localhost:8080/

I'm reading about CORS as a possible solution. But there is a requirement to echo back the origin in the HTTP header which I do not think is possible with a LabVIEW web service....

-Shad

  • 0
Rising Star

tim_s

Posted
Posted

Sorry, I do not have a public facing IP right now (and do not have the authority to enable that).

Yeah, sending the request from http://localhost:80/ to http://localhost:8080/

I'm reading about CORS as a possible solution. But there is a requirement to echo back the origin in the HTTP header which I do not think is possible with a LabVIEW web service....

-Shad

This could be done in a 100 different ways depending on your level of access. How many calls a second would you be looking to instantiate? I.e. would an extra step provide an efficiency issue?

  • 0
Grand Master

Shadrack

Posted
  • Author
Posted

This could be done in a 100 different ways depending on your level of access. How many calls a second would you be looking to instantiate? I.e. would an extra step provide an efficiency issue?

I don't see any extra steps providing efficiency issues...

the number of calls is pretty low...as in a user would really only be expected to issue 1 call.

My end product (not this trivial addition one) will have the following work flow

Present user with web form -> User fills out web form and hits submit -> Contents of web form are compiled to a POST response and pushed to my REST service on port 8080 via javascript -> REST Service returns an image URL -> Javascript updates an image tag on the page with the URL returned from the REST Service.

The REST Service takes the data, does some calculations, produces a plot, saves the plot as a PNG image somewhere, and returns a URL for the image file.

In addition the end product will be behind a username/password and access will be limited to a small number of people.

  • 0

Guest pgxl

Posted
Posted

You could use the PHP fsockopen functions http://www.php.net/manual/en/function.fsockopen.php , but sockets extension needs to be enabled in the php.ini file. You could have your php script call the socket directly and pass parameters to it and have the application return results back to the php script, then the script can return data to the end user as the rest response.

If your port 8080 application is running its own webserver or can be loaded from a browser than use CURL within php as it is easier than using fsockopen.

  • 0
Grand Master

Shadrack

Posted
  • Author
Posted

Thanks guys. I have one PHP proxy worked out, but am not happy with the lag...lol (at least not on my development machine).

I found a way to incorporate my static HTML/Javascript/Image/CSS files inside the web service executable (it's compiled) so that my static files are served on port 8080. Doing this alleviated the same origin policy issues and everything is snappy.

This topic is now closed to further replies.
 Share
Go to question listing

  • Posts

    • Secure Boot

      By cork1958 · Posted

      Simple answer is yes, you will still get the Windows updates and as long as browser is up to date, you will be good. Only thing secure boot does is protect you against boot level threats and make it harder to install other OS's. I've been looking into this pretty thoroughly lately myself as wifes computer has secure boot disabled plus my other, older computers that run Linux, don't have secure boot enabled. Have seen all kinds of questions about this on the Linux Mint and MX Linux forums. Just don't suddenly enable secure boot now.
    • Ford execs say they made a mistake when they replaced human engineers with AI

      By TsarNikky · Posted

      How many other companies will follow Ford's lead? Or, have they already gotten lazy and become enslaved to AI--and now can't figure out how to get out of that mess.
    • The Trump administration doesn't want you to use OpenAI's GPT-5.6 without its approval

      By TsarNikky · Posted

      Why would any self-respecting intelligent person follow any recommendation by Donald's GOP administration? With almost two years of fabrications, deceit, and blatantly illegal behavior, why believe them now? They had best be gone after the November 2026 election, so we'll wait and see.
    • AltSendme 0.4.1

      By Copernic · Posted

      AltSendme 0.4.1 by Razvan Serea AltSendme is a minimal, cross-platform application designed for fast, secure, and private peer-to-peer file transfers. It allows users to send files or entire directories directly between devices without relying on cloud servers, accounts, or any personal information. Everything is encrypted end-to-end using modern protocols like QUIC and TLS 1.3, ensuring both strong security and low-latency performance. Transfers are verified with BLAKE3 for data integrity, and interrupted downloads automatically resume, making the experience reliable even on unstable connections. You can transfer anything—images, videos, documents, and more. Integrity checks are performed on both ends, so your files are automatically verified for correctness during both sending and receiving. AltSendme works seamlessly across local networks or long-distance links, capable of saturating multi-gigabit connections for extremely fast delivery. With built-in NAT traversal and encrypted relay fallback, it connects devices almost anywhere. The app integrates with the Sendme CLI and will soon support mobile and web platforms. Fully free and open-source, AltSendme offers a lightweight, privacy-first alternative to traditional cloud-based services, removing size limits, upload costs, and unnecessary data exposure. AltSendme 0.4.1 changelog: Release Highlights Self-hosted relays: Run your own iroh relay so transfers don't rely on public infrastructure. Includes a full deployment template in deploy/relay/ with Docker Compose for a VPS and configuration examples for production use. Fly.io support: One-click deploy template for Fly.io, including a quick-start config (fly.dev.toml) for testing without a custom domain, plus production setup with Let's Encrypt and your own hostname. Relay settings UI: New Settings → Network panel to choose how AltSendme connects: automatic public relays, custom self-hosted URLs (with optional auth token), or disabled. Test connections, verify latency, and see live relay status in the footer. Disable relays: Turn off relay servers entirely when you only need same-network transfers (e.g. LAN). Direct connections only. No relay hop required when devices can reach each other. Android graduates from beta: Android is now part of the regular release cycle alongside desktop. APKs ship with each version (universal, arm64, and armv7). Other improvements Private relay access control via shared auth token Relay fallback notifications when a custom relay is unreachable Broadcast mode toggle in sharing settings Android release build fixes (split-per-ABI APKs, universal APK preservation) UI polish: mobile safe-area insets, dropzone layout, transfer progress animation Bug fixes for minification-related serialization issues and system tray icon loading What's Changed feat(relay): add relay status functionality and settings UI (a120cdf) feat(relay): implement custom relay server configuration and verification (51276c7) feat(relay): add configuration for private relay access and enhance observability features (48fbabf) feat(relay): enhance relay URL validation, display connection status (d4fffa0) feat(relay): add RelayChangeGuard component and enhance relay-related translations (16ba514) feat(broadcast): add toggle setting for broadcast mode in sharing UI (ca6d977) fix(relay): correct QUIC discovery port, pin image, templatize fly.dev (52a2ba5) fix: More broken serialization due to minification (67491a9) fix(android): preserve true universal APK across per-ABI builds (e9f256f) fix(ui): conditional safe-area insets padding on mobile (1182f0e) refactor(transfer): CircularRing component animation fix (944572b) chore(android): drop x86 and x86_64 release APKs, keep universal+arm64+armv7 (34ada0b) Download: AltSendme 0.4.1 | ARM64 | ~9.0 MB (Open Source) Download: AltSendme for MacOS | Android Links: AltSendme Home Page | GitHub | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Why Delta Chat is the best decentralized messenger you have probably never tried

      By zikalify · Posted

      You are mostly right about the ephemeral nature of it. As I mention in the article, if you dont add a second device or take a backup of your account before uninstalling it, then yes you will lose access to your account. That said, in terms of actual user experience when you sync multiple devices your message history carries across and there's also a Saved Messages chat like there is on Telegram to send messages and attachments between your installs. But yh, what you point out are correct and its not trying to emulate Messenger or Telegram.

  • Recent Achievements

    • Week One Done
      flexorcist earned a badge
      Week One Done
    • One Month Later
      Woland13 earned a badge
      One Month Later
    • Week One Done
      Woland13 earned a badge
      Week One Done
    • One Year In
      bernmeister earned a badge
      One Year In
    • Week One Done
      Scoobystu earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      495
    2. 2
      +Edouard
      225
    3. 3
      PsYcHoKiLLa
      149
    4. 4
      Steven P.
      75
    5. 5
      FloatingFatMan
      71
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!