Heartbleed icon indicating copy to clipboard operation
Heartbleed copied to clipboard
verified publisher icon FiloSottile

Getting CORS Error on website

Open saluce65 opened this issue 11 years ago • 3 comments

I attempted to run against us.battle.net and encountered this in my Chrome console log:

XMLHttpRequest cannot load http://bleed-1161785939.us-east-1.elb.amazonaws.com/bleed/us.battle.net. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://filippo.io' is therefore not allowed access.

I get the same issue under IE11 also.

saluce65 avatar Apr 08 '14 17:04 saluce65

It might be a firewall issue on my work computer, because it works fine from my Android phone. One thing, though...the docs state that a code of 0 means safe and 1 means vulnerable, but the website response from the amazonaws.com has those numbers reversed (1 means safe, 0 means vulnerable), as evidenced by http://bleed-1161785939.us-east-1.elb.amazonaws.com/bleed/yahoo.com

saluce65 avatar Apr 08 '14 17:04 saluce65

The command line tool has indeed a inverted convention :(

Couldn't change website too because of cached js around.

FiloSottile avatar Apr 08 '14 18:04 FiloSottile

CORS issue is probably your side

FiloSottile avatar Apr 08 '14 18:04 FiloSottile