Firefox blocking content


I am using the WHMCS billing system. WHMCS has its own affiliate program, but it only works on a subdomain, since billing should be on a different server, just in case.

So we made a script for this, because users want to use the main link instead of the subdomain link. When you use the subdomain my.xeovo.com instead of xeovo.com, you go straight to billing and have no chance to look at the main site.

JavaScript takes "r" from the link. This is what referral links look like (/?r=1):

// Collect the query-string parameters of the current URL into an object.
function ref() {
    var vars = {};
    window.location.href.replace(/[?&]+([^=&]+)=([^&]*)/gi, function (m, key, value) {
        vars[key] = value;
    });
    return vars;
}

// Synchronous GET of `url`; returns the response body as text.
function file_get_contents(url) {
    var req = null;
    // Try the legacy IE ActiveX objects first, then the standard XMLHttpRequest.
    try { req = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) {
        try { req = new ActiveXObject("Microsoft.XMLHTTP"); } catch (e) {
            try { req = new XMLHttpRequest(); } catch (e) {}
        }
    }
    if (req == null) throw new Error('XMLHttpRequest not supported');
    req.open("GET", url, false);
    req.send(null);
    return req.responseText;
}

function start() {
    // `id` is undefined when the page URL carries no "r" parameter.
    var id = ref()["r"];
    var nl = file_get_contents("https://my.xeovo.com/aff.php?aff=" + id);
    console.log("REF ID:" + id);

    // Request the affiliate URL again with jQuery and put the response into .resss.
    $.get("https://my.xeovo.com/aff.php?aff=" + id, function (data) {
        $(".resss").html(data);
        console.log('ok');
    });
}

window.onload = function () {
    start();
};

The script works totally fine, but we are getting a small problem in Firefox. We tested on Chrome/Opera/IE and everything was fine. If you open https://www.xeovo.com in Firefox and click on the certificate, you are going to get this (here is a screenshot).

So any idea how we can fix this? Thanks.


There is 1 answer

wesamly On

If you check the browser console (Tools > Web Developer > Web Console), it gives the following error:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://my.xeovo.com/aff.php?aff=undefined. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

According to this SO answer, it is a header to prevent others from using your resources; that answer has the solution:

On my.xeovo.com, add the following lines to your .htaccess:

<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>

You might need to read more about this header to refine it to custom files, instead of everything.
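
The narrowing that the answer's last sentence points at, written out as an added example (not part of the original answer): the header is sent for aff.php only, and only to an allowed origin, instead of "*" on every file. The allowed origins (https://xeovo.com and https://www.xeovo.com) and the variable name CORS_ALLOWED_ORIGIN are assumptions made for this example.

```apache
# Added example for the .htaccess on my.xeovo.com; not from the original answer.
# Assumption: the referral script only runs on pages served from
# https://xeovo.com or https://www.xeovo.com.

<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
    # Scope CORS to the affiliate endpoint instead of every file on the host.
    <Files "aff.php">
        # Set the variable only when the Origin request header exactly matches
        # an allowed site; $0 is the whole matched string.
        SetEnvIf Origin "^https://(www\.)?xeovo\.com$" CORS_ALLOWED_ORIGIN=$0

        # Echo the matched origin back. Requests from any other origin get no
        # Access-Control-Allow-Origin header, so browsers keep blocking reads.
        Header set Access-Control-Allow-Origin "%{CORS_ALLOWED_ORIGIN}e" env=CORS_ALLOWED_ORIGIN

        # The response now depends on the Origin header, so caches must key on it.
        Header merge Vary "Origin"
    </Files>
</IfModule>
</IfModule>
```

Echoing a specific origin also matters if the request ever needs to carry cookies: browsers reject a "*" value for Access-Control-Allow-Origin on credentialed requests.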