0

I am trying to integrate a website API in mine, all working fine in localhost and Test Servers but no results in live server.

My Live server is : https://rcitickets.com

Simple API test is here : http://2631894-0.web-hosting.es/test2.php

Same file in my live server : https://rcitickets.com/public/test2.php

Live server shows no results ans takes forever to load.

I have tried everything from Server Config to php.ini, we have also checked with curl and same issue no data. My host has no idea neither, we have a dedicated server with no Panel, all we can use SSH or SFTP.

Marcin Orlowski
  • 72,056
  • 11
  • 123
  • 141
Adil Horki
  • 9
  • 2
  • Are you trying to access one domain from another? If so, could it be a cross domain scripting problem? https://stackoverflow.com/questions/213251/can-someone-post-a-well-formed-crossdomain-xml-sample – MikeyBunny Oct 31 '17 at 09:00
  • im trying to integrate an API from another website http://api.championstravelonline.com – Adil Horki Oct 31 '17 at 09:08
  • We have a unique api key and APi secret and all works fine, URI works perfectly in Navigators and Codes work as well and other servers but not in this one. So i don't know whats blocking it there – Adil Horki Oct 31 '17 at 09:09
  • This might be a .htaccess issue since you say it's slow and takes forever to load. A XSS usually will error out quickly, however your htaccess rules may have an infinite redirect loop and then eventually time out. For example maybe you have a rule under /public/ that handles something on the live page that is not in your test server. – Shawn Nov 01 '17 at 07:25

1 Answers1

0

It sounds like a cross domain scripting problem. On the target server in the top level folder try adding the following file and name is crossdomain.xml:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.*"/>
</cross-domain-policy>

This will allow any other domain to access the domain and execute scripts.

Once you have it working I advise that you change "." to the name of the domain that you will be running the scripts from. Otherwise malicious users may be able to exploit your open cross-domain policy.

There's a good explanation about cross-domain scripting on the wiki at https://en.wikipedia.org/wiki/Cross-site_scripting.

MikeyBunny
  • 647
  • 6
  • 13
  • I will have to check with the API supplier since i have no access to the target server. will let you know if that soved the problem. thank you – Adil Horki Oct 31 '17 at 09:32