1 Reply Latest reply on May 31, 2012 7:54 AM by Udo

    XMLHttpRequest crossdomain error when using restful GET glassfish

      I try to make a XMLHttpRequest call from my apache server to the apex listener under glassfish with a simple RESTFUL ressource named departement.
      We use apache for static page and some php page. I put a Header set Access-Control-Allow-Origin * in my httpd-vhosts.conf to allow cross domain call.

      When I make my call I get the following error:
      XMLHttpRequest cannot load Origin http://sirius:8888 is not allowed by Access-Control-Allow-Origin.

      Of course I could put allow my static page under the same virtual server of GlassFish and this case have only one domain, but it has many other constraints.

      In my test I use the EXTJS class in the following manner

      var store = Ext.create('Ext.data.Store', {
      autoLoad: true,
      autoSync: true,
      model: 'Departement',
      proxy: {
                     limitParam: undefined,
                     startParam: undefined,
                     pageParam: undefined,
                     noCache: false,
                     api: {
                          create : '',
                          read : '',
                          update : ''//,
                          //destroy : '/controller/destroy_action'
      type: 'rest',
      url: '',
      reader: {
      type: 'json',
      root: 'items'
      writer: {
      type: 'json'

      Any help would be welcome. If anyone had an example of using ExtJS form with RESTful apex listener it would be a dream !

        • 1. Re: XMLHttpRequest crossdomain error when using restful GET glassfish
          Hi Frédéric,

          though I can't help you with providing an example right now, I know that you need more headers for Ajax requests. It should (at least) be the following three:
          1. Access-Control-Allow-Origin *
          # which you've already got, though I won't use "*" for security reasons
          2. Access-Control-Allow-Methods POST, GET, OPTIONS, STATUS
          # perhaps additional methods are needed depending on your requests
          3. Access-Control-Allow-Headers *
          # where you might want to tweak the "*" as well and limit it to the ones you actually need.

          There is a comprehensive article on that on [url https://developer.mozilla.org/en/http_access_control]Mozilla Developer Network.

          I hope this helps you solve your problem.


          Edited by: Udo on 31.05.2012 09:53