I am creating a bookmarklet which makes a cross domain Ajax call. After some digging around, I came across Cross Origin Resource Sharing. Where I have to set request headers on my domain saying that it is okay to do that.
I came across a blog post that explained how to do it in rails. Here is the code for my application.rb
before_filter :set_access_control_headers
def set_access_control_headers
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS'
headers['Access-Control-Max-Age'] = "1728000"
end
When I try making the call while I am on my domain it sets the correct headers. But when I try from other domains, which is the main purpose for these options, they do not get set. I get the following error:
XMLHttpRequest cannot load http://mydomain.com/ Origin stackoverflow is not allowed by Access-Control-Allow-Origin. Well this is because it is not being set. From my knowledge this is something to do with the server or do I actually have to change something in my Javascript. Is there an option I am missing?
Any help would be appreciated. Thanks.
