0 Replies Latest reply: Jul 3, 2013 8:37 AM by MarkWilliamson RSS

    Getting "Origin is not allowed" When Trying to Invoke RESTful Service from Another Domain

    MarkWilliamson

      I am having problems trying to invoke my RESTful web service from a different domain. I'm well aware of the normal restrictions of cross-site / cross-domain scripting but in Oracle documentation it says that all origins are allowed by default when creating a RESTful service without using authentication.

      I have created a very simple service and am trying to invoke it using jQuery.Ajax calls from a different domain and I am getting XMLHttpRequest cannot load http://address_to_my_web_service. Origin http://calling_from_address is not allowed by Access-Control-Allow-Origin.

       

      I understand that using JSONP instead of JSON is actually the best practice around cross-site scripting but it appears as though APEX does not support JSONP because with JSONP, there are URI parameters added to the base request (callback).

       

      I am stuck and would greatly appreciate any help.

      I'm starting to wonder if this could be a bug because Oracle documentation says all origins should be allowed when using a service that does not require authentication. I also tried to force the origin to be allowed by typing it in and also using the wildcard '*' and it still did not work.

       

      Thanks,

      Mark Williamson

       

      EDIT: It is now working after adding a URI prefix to my web service module.