AJAX cross domain request to public API

Question

I'm trying to set a POST via an AJAX call to register some basic data from a webpage. This is supposed to be a public web service so the request can be sent from any domain, by including a JS script.

However when executing the request i got an error :

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'xxxxxx' is therefore not allowed access. The response had HTTP status code 422.

The server response is set with the following :

response.headers['Access-Control-Allow-Origin'] = '*'
    response.headers['Access-Control-Allow-Methods'] = 'POST, PUT, DELETE, GET, OPTIONS'
    response.headers['Access-Control-Request-Method'] = '*'
    response.headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Type, Accept, Authorization'

And here is the JS request :

var params = "f="+_.open+"&t="+_.t0;
xmlhttp.open("POST",TRACKURL,true);
xmlhttp.send(params);

I guess something is missing in the request but i can't find how to fix it.

If you have idea, i'd be happy to hear it.

thnaks

I'd suggest looking at the network tab of the browser and see if the headers are really coming through like you think. — jfriend00, Oct 25 '14 at 06:20

WKx · Accepted Answer · 2014-10-26T12:04:47.887

0

I finally found an answer to my problem, if this can help anyone else : Actually the browser send a OPTIONS request before the POST request so in order to create a cross domain AJAX request you need to set headers in both the POST response and the OPTIONS response. This can be done in your application or in the web server configuration.

edited Oct 26 '14 at 12:04

answered Oct 26 '14 at 03:43

WKx

401
4
15

score -1 · Answer 2 · answered Oct 25 '14 at 04:52

-1

You need to use an XMLHttpRequest2 or an XDomainRequest (IE) object on the client.

answered Oct 25 '14 at 04:52

Andrew Luo

919
1
5
6

AJAX cross domain request to public API

2 Answers2