I am having problems trying to invoke my RESTful web service from a different domain. I'm well aware of the normal restrictions of cross-site / cross-domain scripting but in Oracle documentation it says that all origins are allowed by default when creating a RESTful service without using authentication.
I have created a very simple service and am trying to invoke it using jQuery.Ajax calls from a different domain and I am getting XMLHttpRequest cannot load http://address_to_my_web_service. Origin http://calling_from_address is not allowed by Access-Control-Allow-Origin.
I understand that using JSONP instead of JSON is actually the best practice around cross-site scripting but it appears as though APEX does not support JSONP because with JSONP, there are URI parameters added to the base request (callback).
I am stuck and would greatly appreciate any help.
I'm starting to wonder if this could be a bug because Oracle documentation says all origins should be allowed when using a service that does not require authentication. I also tried to force the origin to be allowed by typing it in and also using the wildcard '*' and it still did not work.
EDIT: It is now working after adding a URI prefix to my web service module.