|
|
 Leo - 2016-03-25 09:29:03 XMLHttpRequest cannot load https://www.linkedin.com/uas/oauth.... No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://testsite.careerment.co' is therefore not allowed access.
 Melanie Wehowski - 2016-03-25 09:43:01 - In reply to message 1 from LeoHello Leo,
if the User Agent sends the XMLHttpRequest header and the Origin header it expects that the server response includes a corresponding Access-Control-Allow-Origin header.
See the CORS concept: https://www.google.com/?q=CORS
You need either controll over the UserAgent and avoid the XMLHttpRequest header (e.g. if you do the request by your server and not by the clients browser javascript), or you need to controll the server (linkedin.com) and set Access-Control-Allow-Origin to your Origin or *.
Leo - 2016-03-25 09:49:12 - In reply to message 2 from Melanie WehowskiI already set this in the code...
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
header('Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, X-Request-With');
header('Access-Control-Allow-Credentials: true');
but it still gives me the same error
Melanie Wehowski - 2016-03-25 11:18:19 - In reply to message 3 from LeoHi Leo,
are you the admin of the linkedin.com server?
From server-side try to change:
header("Access-Control-Allow-Origin: ".((isset($_SERVER['HTTP_ORIGIN'])) ? $_SERVER['HTTP_ORIGIN'] : "*"));
header("Access-Control-Allow-Headers: X-Requested-With");
Otherwise if you are the CONSUMER of the OAuth flow and you try to access the linkedin API by ANY browsers javascript Cross-Domain, you will have no chance to do so if the PROVIDER does not allow it!
 Manuel Lemos - 2016-03-26 01:32:34 - In reply to message 1 from LeoIf you want to call from JavaScript the LinkedIn API with the token obtained by the class, calling it directly is not the way to go.
You need to call a PHP script that calls the LinkedIn API usig the CallAPI function. That function not only takes care of calling the LinkedIn API but also automatically renews the token if it expires.
Also for security reasons you should not expose the token the browser via JavaScript, as it may be intercepted by somebody that snoops your connection.
Leo - 2016-03-26 06:51:41 - In reply to message 5 from Manuel LemosIm using this to call the Linkedin API: http://www.phpclasses.org/package/7700-PHP-Authorize-and-access-APIs-using-OAuth.html
When I started integrating it in the Server it works smoothly, but since yesterday it doesn't work all of a sudden.
Manuel Lemos - 2016-03-26 07:02:11 - In reply to message 6 from LeoYes, this is the forum of that package.
I just tried the login_with_linkedin.php script and it works as expected.
What does not work for you?
You mentioned you are using XMLHttpRequest. Since that is a JavaScript object, I suppose you are calling the LinkedIn API directly from JavaScript, eventually with a token obtained with this PHP OAuth API class.
What I am suggesting is that instead of calling the LinkedIn API directly from JavaScript, send a AJAX request using XMLHttpRequest to a PHP script that uses this PHP class, then call the CallAPI function of the class to make the actual call to the LinkedIn API. See what I mean?
This way you will not have those errors in the browser that only happen in JavaScript.
Leo - 2016-03-26 07:19:17 - In reply to message 7 from Manuel LemosOkay, I'll try and do that.
Thank you!
Manuel Lemos - 2016-03-26 07:32:20 - In reply to message 8 from LeoOK, just let me know if you have difficulties. I may as well develop a simple proxy add-on class to make it easy for people like yourself.
Leo - 2016-03-26 18:31:23 - In reply to message 9 from Manuel LemosHello,
I can now access the Linkedin Authorization page, but for some reason after clicking the Allow Access. It directs me to the redirect_uri value. I just checked my Linkedin app usage and this is the only resource there: OAUTH2 APP AUTHORIZATION CODE REQUEST.
|
