How to Overcome Cross-domain Issues for Ajax Calls to CAS-protected Resources?

Question

What are potential solutions to a redirection problem that occurs when trying to make AJAX calls to a CAS-protected, SSL-encrypted resource located on a server different fro

Answer 1

I have 2 suggestions:

• can you set up a proxy script on the same domain as the one that holds the JS code? That way the proxy script would query the CAS and return desired results
• can you enable JSONP? this type of request is not limited by the security policy (but then anyone could use the service)

Answer 2

I never heard about CAS, but in general: Javascript has some restriction called “same origin policy”. A visible ressource is not automatically visible to Javascript, too. Did you try to access the ressource using a reverse proxy to make it available within the same domain? You could also consider to point your domain onto a separate web server and include both servers as reverse proxies (for Tomacat, JKmounts are to prefer) here.