XmlHttpRequest cross-domain [duplicate]

Question

This question already has answers here:

Ways to circumvent the same-origin policy (8 answers)

Closed 8 years ago.

Im trying to make requests to a remote Rest (put method) api

var xhReq = new XMLHttpRequest();
xhReq.open("PUT", "http://api-easybib.apigee.com/2.0/rest/cite", true);
xhReq.setRequestHeader('Content-Type', 'application/json');
var jsonString = "{...}";

xhReq.send(JSON.stringify(jsonString));

var serverResponse = xhReq.responseText;

it fails with

No 'Access-Control-Allow-Origin' header

although i succeeded to make call via rest client browser plugins.

What am i missing?

Answer 1

Because cause security, all browser are not accept a ajax cross-origin request from your site.

In order to browser accept a ajax cross-origin request, server code must set header "Access-Control-Allow-Origin" to response to notify browser that it accept a ajax cross-origin request.

In a browser plugin (ex: chrome app), chrome allow developer config to send request cross-origin. So you can send cross-domain request in REST Client plugin. (http://developer.chrome.com/apps/app_external.html#manifest)

Answer 2

Add the Access-Control-Allow-Origin on your server or use JSONP (see What is JSONP all about?)