5

We have a set of api that we're calling from the same machine, the address is mycompany.com:8080 for the server and mycompany.com for the ajax.html file.

How can we avoid the cross domain policy?

Anyway to do this with some proxy configuration?

please, no JSONP!

Thanks!

Enrichman
  • 11,157
  • 11
  • 67
  • 101
  • what backend language are you using ? – Manse Jul 10 '12 at 11:40
  • Include a response Header with these values "Access-Control-Allow-Origin : mycompany.com" on the server, it shall allow to access the resource. – Furqan Hameedi Jul 10 '12 at 11:42
  • I would like to avoid any modification of the backend. It's java by the way. – Enrichman Jul 10 '12 at 11:44
  • possible duplicate of [Getting around same origin policy in javascript without server side scripts](http://stackoverflow.com/questions/2067029/getting-around-same-origin-policy-in-javascript-without-server-side-scripts) and a gazillian others – Quentin Jul 10 '12 at 12:52

2 Answers2

6

Two or more documents can be considered in same domain origin, if they have on - Same Host - Same Port - Same Protocol. In your case port is different so you can not put ajax query directly. Instead you need to specify following header in response.

 Access-Control-Allow-Origin: mycompany.com

For more info, check this

Laxmikant Dange
  • 7,606
  • 6
  • 40
  • 65
2

You ask if this can be done with a proxy configuration, and of course that's one simple solution, just have the main server proxy requests to the AJAX server. It's usually simple to set up. But the Same Origin Policy means that you won't be able to do this with a pure client-side solution.

Scott Sauyet
  • 49,207
  • 4
  • 49
  • 103