I'm doing some javascript/jQuery programming for my son's Wordpress website, and I normally like to test on my home computer rather than the live website. His site assumes his domain name throughout, so for testing, I make entries in my hosts file to redirect his domain name to my localhost.
However, I'm trying to test a json callback for a Yahoo finance api, and I get an error about cross-origin resource sharing. Yahoo obviously knows nothing about my hosts file, so it's getting a request from me telling it to send the result to another domain.
I'm not sure if enabling CORS on my local system will help, although I tried doing it. It's possible I'm wrong and it should work, and maybe I enabled it incorrectly, but I suspect I would need to enable it on his real server (on GoDaddy), and I somehow doubt if they would want to do that.
Does anyone know of a way to get around this problem? If there is no fairly simple solution, I guess I will test on the live server, and just use a non-published page for the testing, which should be fairly innocuous.
EDIT
I think I understand better now what's happening. My understanding is that this protects me from having a site intercept data I request by redirecting it to a different address (or something like that).
As requested, here is my test code:
var data = encodeURIComponent('select from yahoo.finance.quotes where symbol in ("GOOG")&env=http://datatables.org/alltables.env&format=json');
var url = 'http://query.yahooapis.com/v1/public/yql ';
jQuery.getJSON(url, 'q=' + data, callback);
My callback function never gets called, so it's not relevant here. I can paste the entire URL into the address bar of either Firefox or Chrome, and get the data back without error, so I know that's right.
I tried the command line "google-chrome --disable-web-security" as suggested by Maximillian Laumeister, and got this error in the console:
XMLHttpRequest cannot load http://query.yahooapis.com/v1/public/yql%20?q=select%20%20from%20yahoo.fina…OG%22)%26env%3Dhttp%3A%2F%2Fdatatables.org%2Falltables.env%26format%3Djson. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.wenboinvestment.com' is therefore not allowed access. The response had HTTP status code 404.
(His website is wenboinvestment.com)