Highlighted

CORS AJaX GET

LEGEND ,
Jul 12, 2018

Copy link to clipboard

Copied

Hello, all,

I was just wondering if anyone has successfully accomplished a CORS via AJaX by setting the "Access-Control-Allow-Origin" header to either wildcard (*) or FQDN (www.anothersite.com)?

I found a claim that I can use a CFHEADER tag to set the Access-Control-Allow-Origin and complete a cross-origin request. I was just wondering if anyone else has successfully done the same thing (regardless of server-side language).

V/r,

^ _ ^

Welp.. I found my answer.  "DENY".  Webserver is set to disallow, so even including the special header "Access-Control-Allow-Origin" will not work. 

My job can sometimes be like herding cats.

V/r,

^ _ ^

Views

255

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

CORS AJaX GET

LEGEND ,
Jul 12, 2018

Copy link to clipboard

Copied

Hello, all,

I was just wondering if anyone has successfully accomplished a CORS via AJaX by setting the "Access-Control-Allow-Origin" header to either wildcard (*) or FQDN (www.anothersite.com)?

I found a claim that I can use a CFHEADER tag to set the Access-Control-Allow-Origin and complete a cross-origin request. I was just wondering if anyone else has successfully done the same thing (regardless of server-side language).

V/r,

^ _ ^

Welp.. I found my answer.  "DENY".  Webserver is set to disallow, so even including the special header "Access-Control-Allow-Origin" will not work. 

My job can sometimes be like herding cats.

V/r,

^ _ ^

Views

256

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Jul 12, 2018 0
Adobe Community Professional ,
Jul 12, 2018

Copy link to clipboard

Copied

I've done this in .NET. I would assume it would also work in CF, but don't remember testing it recently.

Dave Watts, Fig Leaf Software

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 12, 2018 1
LEGEND ,
Jul 12, 2018

Copy link to clipboard

Copied

I don't know what I'm doing incorrectly, but I can't get it to work.  Looking at the header info, it still shows my staging FQDN as the origin, and nothing about Access-Control-Allow-Origin is present (viewing in DevTools.)

Is it possible that a webserver can be set so that a CF server cannot alter the header in question?

V/r,

^ _ ^

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 12, 2018 0
LEGEND ,
Jul 12, 2018

Copy link to clipboard

Copied

Welp.. I found my answer.  "DENY".  Webserver is set to disallow, so even including the special header "Access-Control-Allow-Origin" will not work. 

My job can sometimes be like herding cats.

V/r,

^ _ ^

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jul 12, 2018 0