How to set up server for Cross-Origin Resource Sharing (CORS)

cross-domain

I have a web-page on my domain (ecmazing.com), and I'd like to be able to send AJAX requests to this URL:

http://hacheck.tel.fer.hr/xml.pl

It's a Perl script that is located on a different domain (and it returns an XML response).

The "Same origin policy" doesn't allow for Ajax communication from a web-page on my domain.

Now, I've heard about CORS, and I think that it could solve my issue. If I understand correctly, the admin of the hacheck.tel.fer.hr domain would have to configure the web-server so that Ajax requests from my domain (ecmazing.com) would be permitted.

Could you tell my what actions specifically the admin would have to perform? I'm going to contact him so I'd like to be able to give him the specifics…

CORS spec is here: http://www.w3.org/TR/cors/

Info about CORS is here: http://www.w3.org/wiki/CORS_Enabled

Best Answer

According to the link you sent it's enabled by defualt and only needs a .htaccess file change presuming it's apache:

To expose the header, you can add the following line inside <Directory>, <Location>, and <Files> sections, or within an .htaccess file.

 <IfModule mod_headers.c>
   Header set Access-Control-Allow-Origin "*"
 </IfModule>

I can say that as an admin you had better be well prepared to justify why this can't be done in code rather than on the server and why I should allow you to do this.

Related Solutions

Cookie not send in IE, when used in an IFrame from another domain

It turns out IE does not send a cookie in a cross domain scenario over HTTPS.

To solve I had to add a custom P3P header. Scott Hanselman has an interesting article on that topic.

In an ASP.NET scenario you can either add the custom header via IIS or in your application in the Global.asax. Here is an explanation of that.

Nginx – Allowing cross origin requests (CORS) on Nginx for 404 responses

Even though this was asked long ago, I was compiling nginx with more module, but with newer version of nginx, I found I don't have to custom compile nginx, all I needed was to add always directive.

http://nginx.org/en/docs/http/ngx_http_headers_module.html

Syntax: add_header name value [always];

If the always parameter is specified (1.7.5), the header field will be added regardless of the response code.

So a tuned version of CORS headers:

            if ($cors = "trueget") {
                    # Tells the browser this origin may make cross-origin requests
                    # (Here, we echo the requesting origin, which matched the whitelist.)
                    add_header 'Access-Control-Allow-Origin' "$http_origin" always;

                    # Tells the browser it may show the response, when XmlHttpRequest.withCredentials=true.
                    add_header 'Access-Control-Allow-Credentials' 'true' always;
            }

Best Answer

Related Solutions

Cookie not send in IE, when used in an IFrame from another domain

Nginx – Allowing cross origin requests (CORS) on Nginx for 404 responses

Related Topic