The browsers stuck on the CORS Policy wich rejects requests across different domains, to prevent xss.
In some cases you want to allow such requests. For instance in a trusted SOA enviroment, where you have to request accross different domains or subdomains.
If you are using apache as your webserver, you can modify your headers and allow your browser to request via script from a other domain.
Here is how it works.
Add a .htaccess for your directory where you want to request to:
Enable headers in apache with:
a2enmod headers
You can restrict the request methods by removing it from the list with allowed verbs to stricten security.
Keine Kommentare:
Kommentar veröffentlichen