how to fix blocked by CORS policy

I have a load function from html page at anothor domain, I recieve this error only in the private navigation.

Access to XMLHttpRequest at ‘http://localhost/page.html’ from origin ‘https://spsite.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

the function is :

$  ("#Div-Content").load('http://localhost/page.html'+ " #main-content"); 

apt-cache policy shows an apt repository that’s not in my sources.list

On a fresh ubuntu 16.04 Docker image I ran apt-get update and then apt policy:

root@7b9b53f65af4:/etc/apt# apt-cache policy apt-file apt-file:   Installed: (none)   Candidate: 2.5.5ubuntu1   Version table:      2.5.5ubuntu1 500         500 http://archive.ubuntu.com/ubuntu xenial/universe amd64 Packages 

But I do not see this apt repo anywhere in /etc/apt. Is this expected?

root@7b9b53f65af4:/etc/apt# grep -ri 'amd64' . root@7b9b53f65af4:/etc/apt# 

I did find these, but they’re not exactly the same:

root@7b9b53f65af4:/etc/apt# grep -ri 'xenial.universe' * sources.list:deb http://archive.ubuntu.com/ubuntu/ xenial universe sources.list:# deb-src http://archive.ubuntu.com/ubuntu/ xenial universe 

Full contents of /etc/apt/sources.list pasted below. No other .list files in that directory or its subdirs.

root@7b9b53f65af4:/etc/apt# cat sources.list # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to # newer versions of the distribution. deb http://archive.ubuntu.com/ubuntu/ xenial main restricted # deb-src http://archive.ubuntu.com/ubuntu/ xenial main restricted  ## Major bug fix updates produced after the final release of the ## distribution. deb http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted # deb-src http://archive.ubuntu.com/ubuntu/ xenial-updates main restricted  ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team. Also, please note that software in universe WILL NOT receive any ## review or updates from the Ubuntu security team. deb http://archive.ubuntu.com/ubuntu/ xenial universe # deb-src http://archive.ubuntu.com/ubuntu/ xenial universe deb http://archive.ubuntu.com/ubuntu/ xenial-updates universe # deb-src http://archive.ubuntu.com/ubuntu/ xenial-updates universe  ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to ## your rights to use the software. Also, please note that software in ## multiverse WILL NOT receive any review or updates from the Ubuntu ## security team. deb http://archive.ubuntu.com/ubuntu/ xenial multiverse # deb-src http://archive.ubuntu.com/ubuntu/ xenial multiverse deb http://archive.ubuntu.com/ubuntu/ xenial-updates multiverse # deb-src http://archive.ubuntu.com/ubuntu/ xenial-updates multiverse  ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. ## Also, please note that software in backports WILL NOT receive any review ## or updates from the Ubuntu security team. deb http://archive.ubuntu.com/ubuntu/ xenial-backports main restricted universe multiverse # deb-src http://archive.ubuntu.com/ubuntu/ xenial-backports main restricted universe multiverse  ## Uncomment the following two lines to add software from Canonical's ## 'partner' repository. ## This software is not part of Ubuntu, but is offered by Canonical and the ## respective vendors as a service to Ubuntu users. # deb http://archive.canonical.com/ubuntu xenial partner # deb-src http://archive.canonical.com/ubuntu xenial partner  deb http://security.ubuntu.com/ubuntu/ xenial-security main restricted # deb-src http://security.ubuntu.com/ubuntu/ xenial-security main restricted deb http://security.ubuntu.com/ubuntu/ xenial-security universe # deb-src http://security.ubuntu.com/ubuntu/ xenial-security universe deb http://security.ubuntu.com/ubuntu/ xenial-security multiverse # deb-src http://security.ubuntu.com/ubuntu/ xenial-security multiverse 

How to prevent USB Block Policy to be circumvented?

I know that I can disable USB devices using group policy for the computers of my company. What I want to achieve is allow user to use the USB port only for charging their phones, connect their mouse and keyboard but NOT allow file sharing from removable media to computer (and vice versa). So my question is how do I ensure that this policy works if:

  • Some of the users have laptops, and in some cases they work from home and are not connected to domain
  • Some of the users are local admins to their computer

Thank you

Error usando Angular.js – Node.js : Access to XMLHttpRequest at ‘.. ‘has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’

soy nuevo aprendiendo este stack MEAN, espero puedan ayudarme, llevo dias con esto y la verdad no puedo dormir bien por pensar tanto 🙁 .

Logre hacer una peticion get al sitio de JSON (https://jsonplaceholder.typicode.com/posts) y si me devolvio un JSON.

Pero tambien estoy intentando acceder a esta direccion (http://aplicaciones007.jne.gob.pe/srop_publico/Consulta/Afiliado/GetNombresCiudadano?DNI=47099414 ) y ya de por si le estoy agregando un parámetro que solicita, y en la web me devuelve datos(Un nombre y apellido). Pero cuando lo llamo desde angular me tira este error :

Access to XMLHttpRequest at ‘http://aplicaciones007.jne.gob.pe/srop_publico/Consulta/Afiliado/GetNombresCiudadano?DNI=47099414’ from origin ‘http://localhost:4200’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.


core.js:15724 ERROR HttpErrorResponse {headers: HttpHeaders, status: 0, statusText: “Unknown Error”, url: “http://aplicaciones007.jne.gob.pe/srop_publico/Consulta/Afiliado/GetNombresCiudadano?DNI=47099414”, ok: false, …} error: ProgressEvent {isTrusted: true, lengthComputable: false, loaded: 0, total: 0, type: “error”, …} headers: HttpHeaders {normalizedNames: Map(0), lazyUpdate: null, headers: Map(0)} message: “Http failure response for http://aplicaciones007.jne.gob.pe/srop_publico/Consulta/Afiliado/GetNombresCiudadano?DNI=47099414: 0 Unknown Error” name: “HttpErrorResponse” ok: false status: 0 statusText: “Unknown Error” url: “http://aplicaciones007.jne.gob.pe/srop_publico/Consulta/Afiliado/GetNombresCiudadano?DNI=47099414” proto: HttpResponseBase


El codigo de mi servicio es :

 import { Injectable } from '@angular/core'; import {HttpClient}from '@angular/common/http' import { Persona } from '../modelos/persona';  @Injectable({   providedIn: 'root', }) export class PersonaService {    selectedPersona: Persona;   personas:Persona[];   readonly URL_API='http://localhost:3000/Inicio/Persona';   readonly URL_API_RENIEC='http://aplicaciones007.jne.gob.pe/srop_publico/Consulta/Afiliado/GetNombresCiudadano?DNI=47099414';   readonly URL_API_JSON='https://jsonplaceholder.typicode.com/posts';    constructor(private http: HttpClient) {      this.selectedPersona=new Persona();   }    getDataJson(){     return this.http.get(this.URL_API_JSON)   }    getDniPersona(){     return this.http.get(this.URL_API_RENIEC)   }  }  

Y en mi componente ts :

ngOnInit() {      this.personaService.getDataJson() //Obtener los datos de "https://jsonplaceholder.typicode.com/posts"     .subscribe(datos=>{       console.log(datos);     });       this.personaService.getDniPersona() //Obtener los datos de "aplicaciones007.jne.gob.pe/srop_publico/Consulta/Afiliado/GetNombresCiudadano?DNI=47099414"     .subscribe(datos=>{       console.log(datos);     }); } 

Por favor ayúdenme, gracias de antemano.

Who or what exactly does the “Same Origin Policy” aim to protect

As I understand the “Same Origin Policy” is a browser security feature that aims to protect the user. It prevents scripts to load data from another webserver (typicall with ajax).

So esentially there are 3 actors:

  • The User in the Browser
  • The Original Website
  • The “other origin” Web Resource

Does it protect the user ? No: With CORS I can just allow any Origin on a malicious “Other origin” Web Resource

Does it protect the original Website? No: With CORS I can just allow any Origin on a malicious “Other origin” Web Resource

Does it protect the “other origin” Web Resource? No: A browser with Same Origin Policy disabled or a crafted request can be used to get the request trough anyway

I cannot get my head around that. What is the situation where the SOP help and which of these 3 actors does it protect in this situation.

intrusion prevention system detected “et policy pe exe” should i worry

I have a UniFi Security Gateway (USG Pro 4P) and just enabled IPS (intrusion prevention system). I am seeing many “ET POLICY PE EXE or DLL Windows file download HTTP” alerts. I have not been able to find any more information on that alert. Should I worry about this alerts or white list it? The destinations are all over the world so I am concerned

This is a list of some of the worldwide destinations

This is the specific alert through the ui