4

I have a local site running ASP.Net MVC 3 over HTTP and HTTPS through IIS Express.

The HTTP url is http://localhost:4000 and the HTTPS is https://localhost:44301.

I'm trying to hook up the Stripe payments API but it really does not like the port, protocol and domain mismatch. I've tried using CORS to tell it to trust stripe.com but it seems that it is due to the port mismatch and I cannot figure out how to tell it to ignore that.

Adding the following header does not product any difference.

Access-Control-Allow-Origin:*

When accessing my payment page via HTTP, I get the following:

Blocked a frame with origin "https://checkout.stripe.com" from accessing a frame with origin "http://localhost:4000". The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "http". Protocols must match.

It gets worse when using SSL as my local SSL port is not 443.

How do I tell CORS to ignore the port mismatch whilst in development?

sideshowbarker
  • 62,215
  • 21
  • 143
  • 153
Ryan O'Neill
  • 5,065
  • 4
  • 44
  • 63

3 Answers3

4

You can disable same origin policy while in development. Load chrome with the following argument: --disable-web-security

https://stackoverflow.com/a/6083677/287760

Community
  • 1
  • 1
tonymayoral
  • 2,639
  • 1
  • 20
  • 25
1

Didn't the error message tell you the problem? Use HTTPs.

Brock Allen
  • 7,315
  • 17
  • 24
  • As it says above, it IS using https but it is a DEV box. In order to listen on port 443 in dev I need to run in admin mode and tweak a lot of configs. I was hoping there would be a friendlier alternative. HTTPS is running on port 44301 (IIS express has set this up with a self signed cert). – Ryan O'Neill Aug 01 '13 at 13:42
0

I still get this message my live site:

Uncaught SecurityError: Blocked a frame with origin "https://checkout.stripe.com" from accessing a frame with origin "https://getaddress.io". Protocols, domains, and ports must match.

..everything still works so I wouldn't worry about it. There's not much you can do about the domains being different.

Lee Smith
  • 5,556
  • 4
  • 24
  • 33