0 Replies Latest reply on Jul 3, 2013 1:37 PM by MarkWilliamson

    Getting "Origin is not allowed" When Trying to Invoke RESTful Service from Another Domain


      I am having problems trying to invoke my RESTful web service from a different domain. I'm well aware of the normal restrictions of cross-site / cross-domain scripting but in Oracle documentation it says that all origins are allowed by default when creating a RESTful service without using authentication.

      I have created a very simple service and am trying to invoke it using jQuery.Ajax calls from a different domain and I am getting XMLHttpRequest cannot load http://address_to_my_web_service. Origin http://calling_from_address is not allowed by Access-Control-Allow-Origin.


      I understand that using JSONP instead of JSON is actually the best practice around cross-site scripting but it appears as though APEX does not support JSONP because with JSONP, there are URI parameters added to the base request (callback).


      I am stuck and would greatly appreciate any help.

      I'm starting to wonder if this could be a bug because Oracle documentation says all origins should be allowed when using a service that does not require authentication. I also tried to force the origin to be allowed by typing it in and also using the wildcard '*' and it still did not work.



      Mark Williamson


      EDIT: It is now working after adding a URI prefix to my web service module.