CORS - Cross-Domain AJAX Without JSONP By Allowing Origin On Server

Question

I have two separate apps on the same server, with the EmberJS one trying to do cross-domain calls to my backend API.

I set up my backend API to allow cross-domain re

Answer 1

You can use rack-cors in Rails 5, to set it to allow all URLs.

Rails.application.config.middleware.insert_before 0, Rack::Cors do
  allow do
    origins '*'
    resource '*', headers: :any, methods: [
      :get, :post, :put, :patch, :delete, :options, :head
    ]
  end
end

Answer 2

In cross-domain environment I suggest to use JSONP instead CORS becase many free hosts does not support cross-domain CORS. It is detailed in working examples - both JSONP and CORS.

Answer 3

There is no need to use JSONP if you enable CORS.

Access-Control-Allow-Origin: http://www.example.com

if this header is set in the response, then normal XmlHttpRequest will be able to access the response as if it is like same domain. Check whether this header is set correctly.

I hope that this link will help you if you are using jquery A CORS POST request works from plain javascript, but why not with jQuery?

Update: Example

var xmlhttp= new XMLHttpRequest();
var url="https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS?redirectlocale=en-US&redirectslug=HTTP_access_control";
xmlhttp.open("GET",url,false);
xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
xmlhttp.send();

Try this in any domain, you will get response.

Update solution:

Request url without "http://" caused the problem, prepending "http://" solved the issue