Javascript Array Wrapper or Class

I need a Wrapper or a Class that can control the Max Length of an Array on setting a value... It might be possible with a Prototype too, which is fine...

let myArray = new ArrayClassThing();

myArray.setMax = 50; // should be a const value set in Constructor or Prototype

myArray[50] = "Foo"; // This should work fine, I know index starts at 0, but I am not using 0 so total of 50
myArray[51] = "Bar"; // Need to do nothing

Javascript is different than Ruby where you can use special characters to define Getter and Setter methods:

# Ruby Code
class Array_Wrapper
def initialize
@data = []
end

Getter

def [](id)
if id <= 50 and @data[id]
return @data[id]
end
end

Setter

def []=(id,value)
if id <= 50
@data[id] = value
end
end

As far as I understand, cant use a "[]" as a Getter or Setter Method, and I need something that can do exactly that, just to control a Static Maximum, like in the first code block... Perhaps a better question to ask is how to define Getter and Setter Method WITHOUT A PROXY (which I KNOW is damn well good and possible) of a Class Prototype, but from inside the constructor (which I also know is syntactical sugar)... Can anyone help out with this?

I looked at that allow-same-origin iframe attribute and I believe it wont work for what I have it intended for, as the IFrame would be an include on other peoples sites, not my own, I believe it would not be appropriate for that header. ... (?) Well, I got it "sort of" talking. Im now getting back Opaque responses but no data! Im so confuzzled, and kind of frustrated. I feel like all I am doing is throwing headers at it and hoping something sticks and each header fixes something some other header does! Hour of reading, 2 minutes of code, go back to reading, and very little success... I did take your advice and used fetch instead of XMLHttpRequest, which seems more flexibler! Is that a word? What do I need to do for me to get data back from the cookie in php and not just an Opaque response?

Two things I think you need to focus on learning: Console Log, and Typeof. Javascript has a few primitive types of variables. It looks like you started going back and forth with int coming up as strings. I saw you put in parseInt which is what you need. What else may help is instead of putting things out to a browser element, you can access them with the Console. Console = press F12 and look at the "Console". (Except IE because IE still sucks) So you can try your first one with this:

console.log("Hello World")

This is rather important as next thing to try to see if a value is an Integer or not is this:

console.log(typeof myVar)

That should tell you Integer or String or Array. If you try to add a String to an Integer you get a hybrid and the Int is converted to a string.

var myVar = "Hello" + 12345;
console.log(myVar);

The output of that will be "Hello12345" Happens with Numbers also, which is when you end up with NaN or "Not a Number" which can be checked with "isNaN(var)". So lets say you have this:

var varA = 10;
var varB = "20";
var sum = varA + varB;

Did you notice the quotes on varB? It means that although there are numeric characters in it, the variable is treated like a String, which causes varA to be typecast to a String. Your output there would be "1020" not the 30 like you expect. Back to the console for just a moment. If you need to check the value of a variable or object or something in your code without jumping thru a thousand hoops to even see what that is, you can "LOG" that. In the console you can type your variable name. Simply type "varA" without the quotes and the console will output whatever the VALUE of varA is. You can also try putting in "typeof varA" (again, no quotes) and see if the VALUE is an integer or string, which is where I think you have the most trouble! It doesnt fix your problem, but I hope this helps to undestand what the problem is and some of the tools you have available to you!

Agreed, I do not believe it should be a CORS request... with one exception to that thought... But yes, different browsers and computers. I even tried accessing it with a Super Nintendo from WAY back in the day and that turned out exactly as you'd expect! I went so far as to try VM Kubuntu also running firefox and same thing. So this is probably affecting it, but the iframe is in Sandbox mode, with scripts allowed, so I think its *possible* I may need to use CORS anyway due to the IFrame being Sandboxed. CSP appears to work perfectly as expected. I am trying something from an inverse approach. Put it on "full lockdown", then open up for things that are needed. And I cant quite figure out how to "open it back up" without completely unlocking it. My concept is to do something "super" stupid as far as security pros will say. Users get to upload their own scripts to interact with a Canvas Object that other users can view and interact with. Everything else needs to be in full on lockdown mode. So I know I am asking for things that conflict. Most things work so far. Browsers shouldnt have access to Http Only cookies, this particular IFrame should. This is the only thing I want to work differently that doesnt work. CSP did a great job of only allowing open data connections to scripts and sources specified in the CSP headers from PHP / Apache. Perhaps a safer idea would be to figure out how to make this a CORS request and do that properly? --- Edit: Yay! I have a NEW error! It is different than the OLD error so the fact that I have a NEW error is wonderful news to me! Firefox Error: (Ambiguous) Error: TypeError: NetworkError when attempting to fetch resource. Chrome Error: POST https://www.webucate.me/cors\_csp/jsondata.php net::ERR_BLOCKED_BY_RESPONSE fetchData @ iframe.php:76 So now it is between my fetch call and probably PHP headers:

const fetchData = async function(data = {}) {
let url = 'https://www.webucate.me:443/cors\_csp/jsondata.php';
const response = await fetch(url, {
method: 'POST',
mode: 'no-cors',
cache: 'no-cache',
credentials: 'include',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
redirect: 'follow',
referrerPolicy: 'same-origin',
body: JSON.stringify(data)
})
.then(response => response.json())
.then(result => {
console.log('Success:', result);
})
.catch(error => {
console.warn('Error:', error);
return;
});
return response

This is the error message I get:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.webucate.me/cors\_csp/jsondata.php. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘https://www.webucate.me’).

I looked at the Origin header, its never sent. So much for Stack Overflow answers on other questions when youre tired, tend to miss stuff, like misleading comments. I will take a look further into fetch and maybe the polyfill, but I dont really have any intention of trying to support IE. Thank you.

Hi all, first post here... I am playing with Content Security Policies and some other stuff trying to figure out how to add a bit if security for users. Ive created about a dozen pages, all nicely and neatly working together so far. All garbage test stuff, but its not working as I have hoped. One of the functions I need to work is to use AJAX to load data from a PHP script including a cookie with an HttpOnly flag set, so Javascript cant read it. Trouble is that no matter what I try short of turning off ALL security (which aint gonna happen), I can not get my AJAX call to not violate Cross Origin Request Policy. What is throwing me off is that I dont believe it should be Cross Origin at all! I know one way to do it is to process the "Origin" header when sending the request but its never actually sent! Typically it is not, except for when "withCredentials" flag is also set, which it is. If thats what I gotta do, fine, but I cant get it to work. Better solution is make sure it is NOT treated as Cross Origin, and I believe that would also resolve it. Both my solutions are evading me! The script is in "iframe.php" So here is my test page on my test server: https://www.webucate.me/cors\_csp/ Full source is here: https://www.webucate.me/cors\_csp/ajax.php This is where it fails on me. This AJAX call wont send the cookie. I am not sure if this is where I need to fix it however...

const loadLocalXMLCookie = function(){
// This isnt working, I get a CORS Violation
let url = "jsondata.php";
var xhttp = new XMLHttpRequest();
// Third Argument of "true" allows XLMHttpRequest2 which allows sending Cookies via AJAX
xhttp.open("GET", url, true);
// withCredentials should send Cookies via the request, and should not be needed on SameSite
xhttp.withCredentials = true;
xhttp.onreadystatechange = function() {
console.log(this);
if (this.readyState == 4 && this.status == 200){
outputElement.innerHTML = this.responseText;
}
};
xhttp.onerror = function(){ outputElement.innerHTML = "XML Cookie Error " + url; };
xhttp.send();
}

What can I do so that this XMLHttpRequest object is not treating the request as Cross Origin, thus, use PHP to read and set the cookie? If I have to use Cross Origin, what am I missing in my setup?