Cross domain AJAX results in 403 forbidden

Question

We are trying to make cross domain AJAX call via POST. If we directly try to access bbb.com from aaa.com it will ask for credentials. Only after giving credentials will we be able to access bbb.com. Now in the same way, when an AJAX call is made to a different domain, in this case bbb.com I'm receiving a 403 forbidden error.

I tried adding the authorization header and now in the request header, I see the below headers but even after having authorization header I'm still having the issue.

Accept text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Encoding gzip, deflate
Accept-Language en-US,en;q=0.5
Access-Control-Request-He... authenticationindicator,authorizationtoken
Access-Control-Request-Me... POST
Authorization Basic TG9uZG9uOkJiZ0JlbjE4NTk=
Cache-Control no-cache
Host aaa.com
Origin bbb.com
Pragma no-cache
Proxy-Connection keep-alive
User-Agent Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0

Does anyone know how we can solve the 403 forbidden issue?

What does bbb.com reply when you make the same request from bbb.com (same orogin)? A 403 does not produced by the same-origin policy restriction but provided by your server on bbb.com due to it's configuration, etc. — marekful, Jan 10 '13 at 11:23
You are problably looking for a JSONP solution or set up a server-side proxy that handles the request towards the other domain. Have a look here: http://stackoverflow.com/questions/2558977/ajax-cross-domain-call — Tobias Nilsson, Jan 10 '13 at 11:23

score 3 · Answer 1 · answered Jan 10 '13 at 11:28

3

Sounds like a Cross Origin issue - https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS

You probably want to add something the headers returned from bbb.com, like so:

Access-Control-Allow-Origin: *

Hope that helps, Chris

answered Jan 10 '13 at 11:28

Chris Kimpton

5,546
6
45
72

1

Of course this will only work if the OP can modify `bbb.com`. – Felix Kling Jan 10 '13 at 11:28
1

Wouldn't this completely expose `bbb.com` to security vulnerabilities? – BenKoshy Aug 31 '21 at 07:23

score 1 · Answer 2 · edited May 23 '17 at 11:50

1

You can't make cross-domain AJAX calls.

If you wan't to get some infos from another domain as your own, you can do it server site with PHP for example and then make an ajax call to your own php script.

Another solution is to use JSONP

edited May 23 '17 at 11:50

Community

1
1

answered Jan 10 '13 at 11:22

Enthusiasmus

303
2
9

Ya, but here it is a post request,not a get, so I cant use jsonp – balaji Jan 10 '13 at 11:27
1

You can, with CORS enabled. – Felix Kling Jan 10 '13 at 11:27

score 1 · Answer 3 · answered Jan 10 '13 at 11:23

1

ajax doesnt allow cross domain calls. use jsonp for this purpose. http://jsonp.jit.su/

answered Jan 10 '13 at 11:23

Mujtaba Haider

1,650
2
19
29

score 1 · Answer 4 · answered Jan 10 '13 at 11:26

1

Ajax does not allow cross-domain calls. If you want to do it that way, you can make your Ajax code call PHP (or whatever you choose) code which can access bbb.com and you can return this data to the client.

answered Jan 10 '13 at 11:26

Swapnil

8,201
4
38
57

Cross domain AJAX results in 403 forbidden

4 Answers4

Linked