I'm trying to make a cross-domain asynchronous GET request via jQuery's ajax
and I'm getting a lot of trouble understanding what's going on and web browsers error messages.
First, here is the CoffeeScript code:
$(document).on('submit', '.myform', (e) ->
try
foo = 'val'
settings =
data: { foo: foo }
type: 'GET'
dataType: 'json'
success: (data, textStatus, jqXHR) ->
console.log data if debug?
console.log textStatus if debug?
error: (jqXHR, textStatus, errorThrown) ->
console.warn textStatus if debug?
console.warn errorThrown if debug?
$.ajax('http://anotherserver.tld/api', settings)
catch error
console.error error
finally
return false
)
I understood that json
is a valid data type only if you set up a cross domain file on the host serving the JavaScript. Here is the one I used (let's call the server my_server.tld
):
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<!-- Read this: https://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html -->
<!-- Most restrictive policy: -->
<!-- <site-control permitted-cross-domain-policies="none"/> -->
<!-- Least restrictive policy: -->
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="false"/>
</cross-domain-policy>
(this is from HTML5 Boilerplate)
When I try this code, I get the following error:
[Error] XMLHttpRequest cannot load http://anotherserver.tld/api?foo=val. Origin http://my_server.tld is not allowed by Access-Control-Allow-Origin.
This is confusing to me. Is it something missing or a buggy configuration on my_server
or anotherserver
? Are crossdomain.xml
files relevant for this kind of issues?
Cause, even if I don't have access to anotherserver.tld
, I tried this code using my_other_server
and I could totally see the request in my_other_server
access logs.
Thanks for your help.
(for the record, I also tried switching to jsonp
but then I get a parse error on something that looks like perfectly fine JSON data... some hair was lost)
Update: this is the crossdomain.xml
file from anotherserver.tld
:
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>