How to correctly configure a reverse proxy with Apache, to be used for cross-domain AJAX?

Question

Needing to develop a web application that at the same time is highly dependent on an API but at the same time cannot reside on the same domain as the API itself, it\'s been quit

Answer 1

The problem here is that the browser is trying to protect you from getting pwned by random javascript placed on some web page. If it would let all javascript to run in the same context you would lose you Facebook sessions cookies or some other data to bad guys.

In this case the culprit could be something so simple as Chrome does not consider 'dev' to be a Fully Qualified Domain Name so it will fail the same origin test. Other reason might be that at some point you are getting stuff from app.somesite.dev and at some point you send requests to 'dev'

The servers don't care what they send and it is the browser you need to fool to believe everything is coming from the same host

1. I would replace 'dev' in the hosts file with dev.example.com 127.0.0.1
2. I would make sure everything coming out of the Apache proxy only refers to dev.example.com no matter from which server it comes
3. Only use dev.example.com in your code

If all else fails you could add a HTTP header 'Access-Control-Allow-Origin: *' to allow any origin, but I would not use this except just in dev-environments.

PS. Even if you get javascript from example.com:80 that javascript can't even call example.com:443 or javascript from example.com cannot make xmlhttprequests to dev.example.com