| PixLab  & FACEIO | Knowledge Sharing & Public Forums

How Can I Overcome the EMPTY_ORIGIN error?

Viewed 9341 times

Im trying to integrate in a native application. Im getting the EMPTY_ORIGIN error. How can I overcome this?

Accepted Solution



Thanks for reaching out, and welcome to the FACEIO support center. To answer your inquiry:

The error "Origin or Referer HTTP request header is empty or missing" typically indicates that the HTTP request made to the FaceIO server lacks the necessary "Origin" or "Referer" headers. These headers are essential for security reasons, as they help the server identify where the request is coming from.

Here's what you can do to resolve the issue:

  1. Disable the Reject Missing or Empty Origin/Referer HTTP Request Headers Security option : When enabled, this option shall reject fio.js instantiation when the Origin (or Referer) HTTP request header is missing from the browser that initiated the request. This is a minimalistic security feature against forged requests. You can further restrict fio.js instantiation with your application Public ID to specific domain names you define. To disable this option (not recommended for obvious security reasons), log in to the FACEIO Console, select your target application from the Application Manager, navigate to the Security Tab, and disable this option.


  2. Check Your Client-Side Code: Ensure that when you're making the request to FaceIO, your client-side code (e.g., JavaScript) is correctly setting the "Origin" or "Referer" headers.

  3. Server Configuration: If you're using a server to make the request, ensure that it's configured to include these headers in the request. Some servers or server-side frameworks might strip these headers for security reasons.

  4. Use HTTPS: Ensure that both your application and the FaceIO server are using HTTPS. Some browsers might not send the "Referer" header when moving from an HTTPS site to an HTTP site.

  5. Browser Extensions: Some browser extensions, especially privacy-focused ones, might strip out the "Referer" header. Try testing your application in an incognito/private browsing window with no extensions enabled to see if this is the cause.

Remember, the "Origin" and "Referer" headers are essential for security, so it's crucial not to bypass them without understanding the implications. Always ensure that your application is secure and follows best practices.

Feel free to reply to this thread if you need further assistance!