0

I'm trying to figure out how to get web torrent to play a video, but I'm getting some weird errors. Here is a pastebin: https://pastebin.com/raw/3wp5F8Fh

And here is a live version: https://41182065-e8d9-40b1-8dd9-9433b402bce9.htmlpasta.com/

When we go to the chrome console, we get this:

Mixed Content: The page at 'https://41182065-e8d9-40b1-8dd9-9433b402bce9.htmlpasta.com/' was loaded over HTTPS, but requested an insecure script 'http://momentjs.com/downloads/moment.min.js'. This request has been blocked; the content must be served over HTTPS.
/favicon.ico:1 Failed to load resource: the server responded with a status of 404 ()
(index):1 Access to XMLHttpRequest at 'https://nyaa.si/download/941788.torrent' from origin 'https://41182065-e8d9-40b1-8dd9-9433b402bce9.htmlpasta.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
webtorrent.min.js:4 Uncaught Error: Error downloading torrent: XHR error
    at webtorrent.min.js:5
    at t.exports.<anonymous> (webtorrent.min.js:7)
    at t.exports.t (webtorrent.min.js:5)
    at t.exports.r.emit (webtorrent.min.js:4)
    at XMLHttpRequest.c.onerror (webtorrent.min.js:7)
Ryan Glenn
  • 1,325
  • 4
  • 17
  • 30

1 Answers1

0

The explanation is in the error message, but in short: your browser has blocked the request because you're using AJAX to communicate with a remote server and that server isn't sending the appropriate 'Access-Control-Allow-Origin' header.

The reason such requests are blocked is to protect you from malicious scripts - if you're logged in to website A and have access to some private data, then website B shouldn't be able to trigger an AJAX request to access that data unless A trusts B.

The general term for this kind of access is 'Cross Origin Resource Sharing' or 'CORS' - for more information, Mozilla have a nice summary here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

If you have control of the remote server then responding with the appropriate header will allow the request to go through (although note that some browsers such as Safari will still block cookies from the remote server because this technique can be used for tracking).

DaveMongoose
  • 875
  • 9
  • 15
  • Is there anything I can do? I do not have access to that server. – Ryan Glenn Jun 21 '19 at 12:57
  • @RyanGlen This answer gives some details of how you can get around it: https://stackoverflow.com/a/43881141/2208016 *But* I would advise caution - some of the suggestions on there (such as the proxy) mean you're passing data through a third party so it's important to trust that third party or at least be aware of the risks. – DaveMongoose Jun 21 '19 at 13:07
  • I tried using the proxy, it seemed to just give trash data see here: https://cors.io/?https://nyaa.si/download/941788.torrent Have any ideas why it might be doing that? – Ryan Glenn Jun 21 '19 at 13:22
  • @RyanGlen that's not trash data - that's the content of the .torrent file (you can download it yourself if you want to check). I'm not sure how you get webtorrent to load it, but that's beyond the scope of this question. – DaveMongoose Jun 21 '19 at 13:29
  • That's what I thought, but like, I can't actually download that file from a browser. I could probably write some sort of backend script to download that data from cors.io but I'm not entirely sure if that's a good solution? My idea: Write a ruby script to download the .torrent file from cors.io, then have webtorrent point to a local version of the .torrent file. Would this work? – Ryan Glenn Jun 21 '19 at 13:31