Any way to go through Access-Control-Allow-Origin for development on my own server?

Question

Any way to go through Access-Control-Allow-Origin for development on my own server?

I get this javascript error

XMLHttpRequest cannot load http://foo.bar.no/API/map_tools/clean_addresses/check . The origin of http://foo.bar.no:9294 is not allowed by Access-Control-Allow-Origin.

This is all in the same domain and the same server, but my JavaScript project is hosted by a stand-alone script server that automatically bundles JavaScript and its dependencies into a single file.

How do I get through this limitation during development?

I tried to connect to my JavaScript server script. This is the result of curl to the URL:

  HTTP / 1.1 200 OK
 Date: Wed, 11 Jan 2012 09:05:14 GMT
 Server: Apache / 2.2.16 (Debian)
 Access-Control-Allow-Origin: http://foo.bar.no:9294
 Vary: Accept-Encoding
 Content-Length: 70
 Content-Type: text / plain

 array (1) {
   ["q"] =>
   string (31) "map_tools / clean_addresses / check"
 }

And still I get the same error as above. Why does Chrome still refuse to connect to the damn URL when it is explicitly allowed !?

+7

javascript ajax xmlhttprequest

Hubro Jan 11 '12 at 8:51

source share

3 answers

Use the reverse proxy capabilities of your web server for the proxy http://foo.bar.no/API/map_tools/clean_addresses/check at http://foo.bar.no:9294/API/map_tools/clean_addresses/check .

So, when you use Apache, you should add something like

  <Proxy *> Order allow,deny allow from all </Proxy> ProxyPass /API/map_tools/ http://foo.bar.no:9294/API/map_tools/ ProxyPassReverse /API/map_tools/ http://foo.bar.no:9294/API/map_tools/

into your vhost configuration

+1

Eugen ieck Jan 11 '12 at 8:56

source share

You can get around security restrictions between domains in chrome by running it using the --disable-web-security flag.

eg. (on OS X):

 open /Applications/Google\ Chrome.app/ --args --disable-web-security

+1

Gareth Apr 15 '13 at 9:50

source share

Hubro · Accepted Answer · 2012-01-11T09:26:47+0000

OK, I get it. I was looking for a simple and quick fix, because I only need cross-domain requests for development purposes. Turns out I just needed to install both

header("Access-Control-Allow-Origin: http://foo.bar.no:9294"); header("Access-Control-Allow-Credentials: true");

In my PHP script on Apache. Then in my JavaScript code:

 # Set jQuery ajax to use 'withCredentials' globally $.ajaxSetup({ xhrFields: { withCredentials: true } });

And this trick

Any way to go through Access-Control-Allow-Origin for development on my own server?

More articles: