1 Reply Latest reply on May 31, 2012 7:54 AM by Udo

    XMLHttpRequest crossdomain error when using restful GET glassfish

    FrédéricB
      Hi,
      I try to make a XMLHttpRequest call from my apache server to the apex listener under glassfish with a simple RESTFUL ressource named departement.
      We use apache for static page and some php page. I put a Header set Access-Control-Allow-Origin * in my httpd-vhosts.conf to allow cross domain call.

      When I make my call I get the following error:
      XMLHttpRequest cannot load http://192.168.100.24:8080/apex/localite?departement=61. Origin http://sirius:8888 is not allowed by Access-Control-Allow-Origin.

      Of course I could put allow my static page under the same virtual server of GlassFish and this case have only one domain, but it has many other constraints.

      In my test I use the EXTJS class in the following manner

      var store = Ext.create('Ext.data.Store', {
      autoLoad: true,
      autoSync: true,
      model: 'Departement',
      proxy: {
                     limitParam: undefined,
                     startParam: undefined,
                     pageParam: undefined,
                     noCache: false,
                     api: {
                          create : 'http://192.168.100.24:8080/apex/localite?departement=61',
                          read : 'http://192.168.100.24:8080/apex/localite?departement=61',
                          update : 'http://192.168.100.24:8080/apex/localite/inse'//,
                          //destroy : '/controller/destroy_action'
                     },
      type: 'rest',
      url: 'http://192.168.100.24:8080/apex/localite?departement=61',
      reader: {
      type: 'json',
      root: 'items'
      },
      writer: {
      type: 'json'
      }
      }
      });

      Any help would be welcome. If anyone had an example of using ExtJS form with RESTful apex listener it would be a dream !

      Frédéric
        • 1. Re: XMLHttpRequest crossdomain error when using restful GET glassfish
          Udo
          Hi Frédéric,

          though I can't help you with providing an example right now, I know that you need more headers for Ajax requests. It should (at least) be the following three:
          1. Access-Control-Allow-Origin *
          # which you've already got, though I won't use "*" for security reasons
          2. Access-Control-Allow-Methods POST, GET, OPTIONS, STATUS
          # perhaps additional methods are needed depending on your requests
          3. Access-Control-Allow-Headers *
          # where you might want to tweak the "*" as well and limit it to the ones you actually need.

          There is a comprehensive article on that on [url https://developer.mozilla.org/en/http_access_control]Mozilla Developer Network.

          I hope this helps you solve your problem.

          -Udo

          Edited by: Udo on 31.05.2012 09:53