Only simple response headers are exposed when using CORS.  Simple response headers are defined [here][1].  `ETag` is not a simple response headers.  If you want to expose non-simple headers, you need to set the `Access-Control-Expose-Headers` header, like so:

    Access-Control-Expose-Headers: ETag

However, note that I&#39;ve noticed bugs in Chrome, Safari and Firefox that prevent non-simple headers from being exposed correctly.  This may be fixed by now, I&#39;m not sure.

You shouldn&#39;t need to do a preflight request, since preflight is only required for non-GET/POST http methods or non-simple *request* headers (and you are asking about *response* headers).


  [1]: http://www.w3.org/TR/cors/#simple-response-header

Have you ever tried AJAX 2.0 (Cross domain sharing) is a methodology fairly recently brought out by W3C: http://www.w3.org/TR/XMLHttpRequest2/#ref-cors

Also there is another way of doing this, which is called JSON-P, it&#39;s like a JSON request, but you can use it for cross-domains: http://en.wikipedia.org/wiki/JSONP

Both can be very dangerous to the site owners if not setup correctly though. So do be careful when using it.

[PS]
Not sure if this will help : http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

Why the [following example][1] shows the image in Firefox 4, but not in Chrome 10 and Internet Explorer 8?

HTML:

    &lt;div style=&quot;background-image: url(&#39;http://www.mypicx.com/uploadimg/1312875436_05012011_2.png&#39;)&quot;&gt;&lt;/div&gt;

CSS:
   
    div {
        width: 60px;
        height: 60px;
        border: 1px solid black;
    }

Any ideas for workarounds?

  [1]: http://jsfiddle.net/dvqU8/13/

Why an inline &quot;background-image&quot; style doesn&#39;t work in Chrome 10 and Internet Explorer 8?

I have php script that must be runned from console (php-cli). But configuration of php.ini for php-cli was incorrect. I fix it, but when I run script a had error with php config, because php.ini uses an old. 

How I can reload php.ini for console without restart server?

php.ini reload in php-cli

A simple GET request with no custom headers. The response is returned as expected. The data in the body is accessible, but not the headers.

When I try to access the &quot;etag&quot; header, browsers raise an exception :
&gt; Refused to get unsafe header &quot;etag&quot;

Chrome, Safari and Firefox all behave the same. I didn&#39;t test it on IE.

What am I missing here?

Cross Domain Resource Sharing GET: &#39;refused to get unsafe header &quot;etag&quot;&#39; from Response

A simple GET request with no custom headers. The response is returned as expected. The data in the body is accessible, but not the headers.
When I try to access the "etag" header, browsers raise an exception :
> Refused to get unsafe header "etag"
Chrome, Safari and Firefox all behave the same. I didn't test it on IE.
What am I missing here?

I am reading this [JavaScript: Alert.Show(message) From ASP.NET Code-behind][1]


  [1]: http://archive.devnewz.com/devnewz-3-20061129JavaScriptAlertShowmessagefromASPNETCodebehind.html

I am trying to implement the same. So I created a static class like this:

   

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Data;
    using System.Data.SqlClient;
    using System.Web;
    using System.Text;
    using System.Web.UI;
    
    namespace Registration.DataAccess
    {
        public static class Repository
        {
            /// &lt;summary&gt; 
            /// Shows a client-side JavaScript alert in the browser. 
            /// &lt;/summary&gt; 
            /// &lt;param name=&quot;message&quot;&gt;The message to appear in the alert.&lt;/param&gt; 
            public static void Show(string message) 
                { 
                   // Cleans the message to allow single quotation marks 
                   string cleanMessage = message.Replace(&quot;&#39;&quot;, &quot;\&#39;&quot;); 
                   string script = &quot;&lt;script type=&quot;text/javascript&quot;&gt;alert(&#39;&quot; + cleanMessage + &quot;&#39;);&lt;/script&gt;&quot;; 
    
                   // Gets the executing web page 
                   Page page = HttpContext.Current.CurrentHandler as Page; 
    
                   // Checks if the handler is a Page and that the script isn&#39;t allready on the Page 
                   if (page != null &amp;&amp; !page.ClientScript.IsClientScriptBlockRegistered(&quot;alert&quot;)) 
                   { 
                     page.ClientScript.RegisterClientScriptBlock(typeof(Alert), &quot;alert&quot;, script); 
                   } 
                } 
        }
    }

On this line: 

    string script = &quot;&lt;script type=&quot;text/javascript&quot;&gt;alert(&#39;&quot; + cleanMessage + &quot;&#39;);&lt;/script&gt;&quot;; 

It is showing me the error: **; Expected**

And also on 

    page.ClientScript.RegisterClientScriptBlock(typeof(Alert), &quot;alert&quot;, script); 

Err: **The type or namespace name &#39;Alert&#39; could not be found (are you missing a using directive or an assembly reference?)**

What am I doing wrong here? 

JavaScript: Alert.Show(message) From ASP.NET Code-behind

I need to know if the browser that&#39;s identifying itself via user agent string as being IE7 or IE8 is really those browsers, or whether it&#39;s IE9 in 7 or 8 compatibility mode.

From what I can see in the user agent string, an IE9 in IE7 compatibility mode, provides an identical string to a real IE7. Is there an extra property/element/object that I can test to see if it&#39;s &quot;really&quot; IE9 in disguise?

I assume the document mode won&#39;t help as the page my script is loaded into could either be forcing quirks or forcing a specific setting.

I&#39;m hoping that IE9 will have some property that exists and is testable regardless of whether it&#39;s in 7, 8 or 9 mode.

---
&lt;sub&gt;*Edited to add…*&lt;/sub&gt;

OK, I see where I was going wrong now. I was using the &quot;Browser Mode&quot; dropdown and switching it to IE8 and IE7 and thinking this was &quot;IE8 compatibility mode&quot; and &quot;IE7 compatibility mode&quot; respectively. This is of course not true. The developer tools&#39; Browser mode really is switching it to &quot;be like&quot; those old browsers, so it&#39;s only right that the original useragent strings be reported.

If I leave the browser mode in IE9 or IE9 compatibility and try the document mode dropdown variants instead, then I do in fact get &quot;Trident/5.0&quot; present in all 8 combinations (two browser modes and 4 document modes). I just need to steer clear of choosing browser mode IE7 and IE8 because they really are (simulated) IE7 and IE8.

So there&#39;s no way a page, a non-developer user, a meta tag, or Microsoft&#39;s compatibility list will be able to put IE9 into this unidentifiable state.

Just using `if(navigator.userAgent.indexOf(&quot;Trident/5&quot;)&gt;-1)` will be sufficient.

Don&#39;t worry, this isn&#39;t for styles, formatting, logic or page content. I use feature detection for those things. I just need to detect IE9 (regardless of what mode it&#39;s in) and make a non-page content decision on that.

Thanks for steering me towards the answer with your suggestions and links.


JavaScript: Can I detect IE9 if it&#39;s in IE7 or IE8 compatibility mode?

I&#39;ve been seeing this syntax on a few libraries now and I&#39;m wondering what the benefit is.  (note i&#39;m well aware of closures and what the code is doing, I&#39;m only concerned about the syntactical differences)

    !function(){
      // do stuff
    }();

As an alternative to the more common

    (function(){
      // do stuff
    })();

for self invoking anonymous functions.

I&#39;m wondering a few things.  First off, what is allowing the top example to actually work?  Why is the bang necessary in order to make this statement syntactically correct?  I&#39;m told also that `+` works, and I&#39;m sure some others, in place of `!`

Second, what is the benefit?  All I can tell is that it saves a single character, but I can&#39;t imagine that&#39;s such a huge benefit to attract numerous adopters.  Is there some other benefit I&quot;m missing?  

The only other difference I can see would be the return value of the self invoking function, but in both of these examples, we don&#39;t really care about the return value of the function since it&#39;s used only to create a closure.  So can someone tell me why one might use the first syntax?

javascript function leading bang ! syntax

I have an iframe that contains a textarea, like so:

    &lt;html&gt;
    &lt;body&gt;

    &lt;form id=&quot;form1&quot;&gt;
    &lt;div&gt;
        &lt;textarea id=&quot;area1&quot; rows=&quot;15&quot;&gt;&lt;/textarea&gt;
    &lt;/div&gt;
    &lt;/form&gt;

    &lt;/body&gt;
    &lt;/html&gt;

I want to get the textarea text in the parent page. I&#39;ve tried this:

    var text = $(&#39;#frame1&#39;).contents().find(&#39;#area1&#39;).val();

But an empty string is returned. However, if I put a value within &amp;lt;textarea&gt; tags this value is returned successfully:

    &lt;textarea id=&quot;area1&quot; rows=&quot;15&quot;&gt;something&lt;/textarea&gt;

How can I get the value of the textarea from the page which contains the iframe?




Get textarea text with JavaScript or jQuery

Is there a way to do something similar to either of the following:

    var1 = 10; var2 = 20;
    var operator = &quot;&lt;&quot;;
    console.log(var1 operator var2); // returns true

-- OR --

    var1 = 10; var2 = 20;
    var operator = &quot;+&quot;;
    total = var1 operator var2; // total === 30

Are Variable Operators Possible?

Please could someone help me work out how to get started with JSONP?

Code:

    $(&#39;document&#39;).ready(function() {
        var pm_url = &#39;http://twitter.com/status&#39;;
        pm_url += &#39;/user_timeline/stephenfry.json&#39;;
        pm_url += &#39;?count=10&amp;callback=photos&#39;;
        var photos = function (data) {
         alert(data);
        };
        $.ajax({
            url: pm_url,
            dataType: &#39;jsonp&#39;,
            jsonpCallback: &#39;photos&#39;,
            jsonp: false,
        });
    });

Fiddle: http://jsfiddle.net/R7EPt/6/

Should produce an alert, as far as I can work out from the documentation: isn&#39;t (but isn&#39;t producing any errors either).

thanks. 

Basic example of using .ajax() with JSONP?

So I&#39;m trying to make a very basic node.js server that with take in a request for a string, randomly select one from an array and return the selected string.  Unfortunately I&#39;m running into a few problems.

Here&#39;s the front end:

    function newGame()
    {
       guessCnt=0;
       guess=&quot;&quot;;
       server();
       displayHash();
       displayGuessStr();
       displayGuessCnt();
    }
     
    function server()
    {
       xmlhttp = new XMLHttpRequest();
	
       xmlhttp.open(&quot;GET&quot;,&quot;server.js&quot;, true);
       xmlhttp.send();
	
       string=xmlhttp.responseText;
    }

This should send the request to server.js:

    var http = require(&#39;http&#39;);

    var choices=[&quot;hello world&quot;, &quot;goodbye world&quot;];

    console.log(&quot;server initialized&quot;);

    http.createServer(function(request, response)
    {
        console.log(&quot;request recieved&quot;);
        var string = choices[Math.floor(Math.random()*choices.length)];
        console.log(&quot;string &#39;&quot; + string + &quot;&#39; chosen&quot;);
        response.on(string);
        console.log(&quot;string sent&quot;);
    }).listen(8001);

So clearly there are several things going wrong here:

   1. I get the feeling the way I am &quot;connecting&quot; these two files isn&#39;t correct both in the `xmlhttp.open` method and in using `response.on` to send the string back to the front end.

   2. I&#39;m a little confused with how I call this page on localhost.  The front end is named index.html and the sever posts to 8001.  What address should I be go to on localhost in order to access the initial html page after I have initialized server.js? Should I change it to `.listen(index.html)` or something like that?

   3. are there other obvious problems with how I am implementing this (using `.responsetext` etc.)

(sorry for the long multi-question post but the various tutorials and the node.js source all assume that the user already has an understanding of these things.)


Basic Ajax send/receive with node.js

I&#39;m just starting to get into backbone.js. It looks like it&#39;s pretty involved and won&#39;t be something you can just look at one example and say, &quot;Well, that&#39;s easy!&quot; and start being productive with it. It does look good though.

The documentation is okay, but I find myself not understanding the &#39;big picture&#39; very well, and how all of these components work together. The way events are bound and rendered in the various views actually seems like a lot of entanglements. I understand the need for separation of concerns, but I am actually wondering if it&#39;s just a tad over-engineered.

Essentially... I won&#39;t be able to be immediately productive with backbone.js. There is going to be a a day or two learning curve I think.

What is the best way to get into backbone.js? Just keep chugging along, or are there some larger sample applications to download somewhere to look at?

Are there better alternatives that might be easier to learn and offer the same sort of benefits? For me, productivity and intuitiveness are pretty important. I sort of feel like the way backbone.js works is a little foreign. That could just be me.

Put another way, would it maybe be better to develop my application without a library like backbone and sort of organically create a framework like backbone.js but more like something that is intuitive to me and something more inline with the resultant code base?

I&#39;ve been trying to get simple examples to work with my own code, and I get no Javascript errors... but it doesn&#39;t work. There&#39;s a good chance that &quot;one minor thing&quot; is wrong... but I&#39;m beginning to feel that debugging my backbone applications might be a problem... so perhaps organically growing my own might actually be a better option for my own sanity. Debugging in the dark is a real productivity killer... and honestly, I&#39;d rather do my own framework and write my own code if it spares me hours of endless debugging.

I don&#39;t know what to do - hence why I am asking.

What is the best way to learn backbone.js? Any other alternatives?

I don&#39;t really understand what `delegate` and `promise` are. 

According to the docs - 

- `delegate` would bind a selector and event to some sort of wrapping container that can be used again at a later time for current and future items.
- `promise()` would remap things back to when it was first bounded if everything newly loaded matches. Maybe I don&#39;t really understand this promise method.

What if the wrapper is still there, but the contents in the wrapper container have changed, and/or reloaded via `Ajax`? Why is it that the events are not triggering or working as it would the first time it is bound?

And yes, I have been to the docs page, I just don&#39;t understand their explanations completely.

how does jquery&#39;s promise method really work?

I&#39;m stuck: I&#39;m trying to submit a form using AJAX, but I can&#39;t find a way to send multiple data fields via my AJAX call.

    $(document).ready(function() {
      $(&quot;#btnSubmit&quot;).click(function()	{
        var status = $(&quot;#activitymessage&quot;).val();
        var name = &quot;Ronny&quot;;
        $.ajax({
          type: &quot;POST&quot;,
          url: &quot;ajax/activity_save.php&quot;,
          **data: &quot;status=&quot;+status+&quot;name=&quot;+name&quot;**,
          success: function(msg) {...

I&#39;ve tried all sorts of stuff:

    data: {status: status, name: name},

Or even stuff like this just for testing purposes:

    data: &quot;status=testing&amp;name=ronny&quot;,

But whatever I try, I get nothing in my `activity_save.php` thus nothing in my SQL.

So, what&#39;s the correct syntax to put more lines of data in my AJAX call?

How to send multiple data fields via Ajax?

Many people have been saying, use pushState rather than hashbang.

What I don&#39;t understand is, how would you be search-engine friendly without using hashbang?

Presumably your pushState content is generated by client-side JavaScript code.

The scenario is thusly:

I&#39;m on `example.com`. My user clicks a link: `href=&quot;example.com/blog&quot;`

pushState captures the click, updates the URL, grabs a JSON file from somewhere, and creates the listing of blog posts in the content area.

With hashbangs, google knows to go to the escaped_fragment URL to get their static content.

With pushState, Google just sees nothing as it can&#39;t use the JavaScript code to load the JSON and subsequently create the template.

The only way to do it I can see is to render the template on the server side, but that completely negates the benefits of pushing the application layer to the client.

So am I getting this right, pushState is not SEO friendly for client-side applications at all?


pushState and SEO

Where is it acceptable to put css folders and image file folders? I was thinking inside the view folder? However the controller always reroutes the path to the base url so I have to specify the path in the .html file to where it sits, which is redundant.

Where do I put image files, css, js, etc. in Codeigniter?

I&#39;m running JBoss AS7 in a standalone mode using ./standalone.sh. This binds JBOSS to only localhost. Is there a way to bind it to all the hosts, I mean 0.0.0.0.

The older versions had the -b option to pass 0.0.0.0, I can&#39;t find any options to use over here.


Binding JBoss AS 7 to all interfaces

I&#39;m kind of new in Spring and hibernate so I&#39;m trying to implement some simple web application based on Spring 3 + hibernate 4
while I start tomcat I have this exception:

    java.lang.NoClassDefFoundError: org/hibernate/cache/CacheProvider
	at java.lang.Class.getDeclaredMethods0(Native Method)
	at java.lang.Class.privateGetDeclaredMethods(Class.java:2427)
	at java.lang.Class.getDeclaredMethods(Class.java:1791)
        ...
    Caused by: java.lang.ClassNotFoundException: org.hibernate.cache.CacheProvider
	at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1678)
	at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1523)

I&#39;ve found that this class was in hibernate-core for hibernate 3 but I&#39;ve not found it in hibernate 4. 

The part of my context.xml for persistence:

    &lt;bean id=&quot;dataSource&quot; class=&quot;org.apache.commons.dbcp.BasicDataSource&quot;&gt;
		&lt;property name=&quot;driverClassName&quot; value=&quot;org.hsqldb.jdbcDriver&quot;/&gt;
		&lt;property name=&quot;url&quot; value=&quot;jdbc:oracle:thin:@IP_Address:SID&quot;/&gt;
		&lt;property name=&quot;username&quot; value=&quot;xxx&quot;/&gt;
		&lt;property name=&quot;password&quot; value=&quot;xxx&quot;/&gt;
		&lt;property name=&quot;initialSize&quot; value=&quot;5&quot;/&gt;
		&lt;property name=&quot;maxActive&quot; value=&quot;20&quot;/&gt;
	&lt;/bean&gt;

	&lt;bean id=&quot;sessionFactory&quot; class=&quot;org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean&quot;&gt;
		&lt;property name=&quot;dataSource&quot; ref=&quot;dataSource&quot; /&gt;
		&lt;property name=&quot;packagesToScan&quot; value=&quot;com.huawei.vms.user&quot;/&gt;
		&lt;property name=&quot;hibernateProperties&quot;&gt;
			&lt;props&gt;
				&lt;prop key=&quot;dialect&quot;&gt;org.hibernate.dialect.Oracle10gDialect&lt;/prop&gt;
			&lt;/props&gt;
		&lt;/property&gt;
	&lt;/bean&gt;

Please help me to figure out why it&#39;s trying to load CacheProvider because I dont have any settings for that in context.xml and which jar I have to add in my project.
Thanks!

Exception NoClassDefFoundError for CacheProvider

I&#39;ve been learning Zend and its MVC application structure for my new job, and found that working with it just bothered me for reasons I couldn&#39;t quite put my finger on.  Then during the course of my studies I came across articles such as [MVC: No Silver Bullet][1] and [this podcast][2] on the topic of MVC and web applications.  The guy in the podcast made a very good case against MVC as a web application architecture and nailed a lot of what was bugging me on the head.  

However, the question remains, if MVC isn&#39;t really a good fit for web applications, what is?  


  [1]: http://wardley.org/computers/web/mvc.html
  [2]: http://devzone.zend.com/article/12997

Architecture more suitable for web apps than MVC?

The [Wikipedia entry on HTTP][1] lists the following HTTP request methods:

 - **HEAD:** Asks for the response identical to the one that would correspond to a GET request, but without the response body.
 - **GET:** Requests a representation of the specified resource.
 - **POST:** Submits data to be processed (e.g., from an HTML form) to the identified resource. The data is included in the body of the request.
 - **PUT:** Uploads a representation of the specified resource.
 - **DELETE:** Deletes the specified resource.
 - **TRACE:** Echoes back the received request, so that a client can see what (if any) changes or additions have been made by intermediate servers.
 - **OPTIONS:** Returns the HTTP methods that the server supports for specified URL. This can be used to check the functionality of a web server by requesting &#39;*&#39; instead of a specific resource.
 - **CONNECT:** Converts the request connection to a transparent TCP/IP tunnel, usually to facilitate SSL-encrypted communication (HTTPS) through an unencrypted HTTP proxy.
 - **PATCH:** Is used to apply partial modifications to a resource.

I&#39;m interested in knowing (specifically regarding the first five methods):

 - **which of these methods are able (supposed to?) receive payloads**
   - **of the methods that can receive payloads, how do they receive it?**
     - via query string in URL?
     - via URL-encoded body?
     - via raw / chunked body?
     - via a combination of ([all / some] of) the above?

I appreciate all input, if you could share some (preferably light) reading that would be great too!

  [1]: http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol

Payloads of HTTP Request Methods

What is the difference between these 2? I found few results on google nothing conclusive. 

Here is a follow up question: 

Say I create spring mvc web app annotate couple of classes with @Controller annotation and create something that will successfully transfer some information from front end -&gt; back end and vice versa and perhaps some database might be involved on the back end side. 

What would you call that? Rest web service or servlet or something else ?

Difference between servlet and web service

Is using sessions in a RESTful API really violating RESTfulness? I have seen many opinions going either direction, but I&#39;m not convinced that sessions are *RESTless*. From my point of view:

- authentication is not prohibited for RESTfulness (otherwise there&#39;d be little use in RESTful services)
- authentication is done by sending an authentication token in the request, usually the header
- this authentication token needs to be obtained somehow and may be revoked, in which case it needs to be renewed
- the authentication token needs to be validated by the server (otherwise it wouldn&#39;t be authentication)

So how do sessions violate this?

- client-side, sessions are realized using cookies
- cookies are simply an extra HTTP header
- a session cookie can be obtained and revoked at any time
- session cookies can have an infinite life time if need be
- the session id (authentication token) is validated server-side

As such, to the client, a session cookie is exactly the same as any other HTTP header based authentication mechanism, except that it uses the `Cookie` header instead of the `Authorization` or some other proprietary header. If there was no session attached to the cookie value server-side, why would that make a difference? The server side implementation does not need to concern the client as long as the server *behaves* RESTful. As such, cookies by themselves should not make an API *RESTless*, and sessions are simply cookies to the client.

Are my assumptions wrong? What makes session cookies *RESTless*?

Do sessions really violate RESTfulness?

What response code should be passed to client in case of following scenarios?

1. Invalid data passed while user registration like wrong email format
2. User name/ Email is already exists

I chose 403. I also found following that I feel can be used.

&gt;Wikipedia:

&gt; 412 Precondition Failed : 
&gt;     The server does not meet one of the preconditions that the requester
&gt; put on the request

Suggest code if I should use other than 403.

REST response code for invalid data

I am designing a RESTful web service that needs to be accessed by users, but also other web services and applications. All of the incoming requests need to be authenticated. All communication takes place over HTTPS. User authentication is going to work based on an authentication token, acquired by POSTing the username and password (over an SSL connection) to a */session* resource provided by the service.

*In the case of web service clients, there is **no end user** behind the client service.* The requests are initiated by scheduled tasks, events or some other computer operations. The list of connecting services is known beforehand (obviously, I guess). **How should I authenticate these requests coming from other (web) services?** I want the authentication process to be as easy as possible to implement for those services, but not at the cost of security. What would be the standard and best practices for a scenario like this?

Options that I can think of (or have been suggested to me):

1. Have the client services resort to having a &quot;fake&quot; username and password, and authenticate them in the same way as users. I do not like this option - it just doesn&#39;t feel right.

2. Assign a permanent application id for the client service, possibly an application key as well. As far as I have understood this is just the same as having username + password. With this id and key, I can either authenticate each request, or create an authentication token to authenticate further requests. Either way, I do not like this option, because anyone who can get a hold of the application id and key can impersonate the client.

3. I could add an IP address check to previous option. This would make it harder to perform fake requests.

4. Client certificates. Set up my own certificate authority, create root certificate, and create client certificates for the client services. A couple of issues come to mind, though: a) how do I still allow the users to authenticate without certificates and b) how complicated is this scenario to implement from the client service point of view?

5. *Something else - there must be other solutions out there?* 

My service would be running on Java, but I deliberately left out information about what specific framework it would be built on, because I am more interested on the basic principles and not so much on the implementation details - I assume the best solution for this will be possible to implement regardless of the underlying framework. However, I am a bit inexperienced with this subject, so concrete tips and examples on the actual implementation (such as useful third party libraries, articles, etc.) will be much appreciated as well.

RESTful web service - how to authenticate requests from other services?

I read a lot for the &#39;Access-Control-Allow-Origin&#39; error, but I don&#39;t understand what I have to fix :(

I&#39;m playing with Google Moderator API, but when I try to [add new serie][1] I receive:

    XMLHttpRequest cannot load 
    https://www.googleapis.com/moderator/v1/series?key=[key]
    &amp;data%5Bdescription%5D=Share+and+rank+tips+for+eating+healthily+on+the+cheaps!
    &amp;data%5Bname%5D=Eating+Healthy+%26+Cheap
    &amp;data%5BvideoSubmissionAllowed%5D=false. 
    Origin [my_domain] is not allowed by Access-Control-Allow-Origin.

I tried with and without callback parameter, I tried to add &#39;Access-Control-Allow-Origin *&#39; to the header. And I don&#39;t know how to use $.getJSON here, if apply, because I have to add the Authorization header and I don&#39;t know how to do it without beforeCall from $.ajax :/ 

Any light for this darkness u.u?

That&#39;s the code:

    &lt;script src=&quot;http://www.google.com/jsapi&quot;&gt;&lt;/script&gt;

    &lt;script type=&quot;text/javascript&quot;&gt;

    var scope = &quot;https://www.googleapis.com/auth/moderator&quot;;
    var token = &#39;&#39;;

    function create(){
         if (token == &#39;&#39;)
          token = doCheck();

         var myData = {
	      &quot;data&quot;: {
	    	&quot;description&quot;: &quot;Share and rank tips for eating healthily on the cheaps!&quot;, 
	    	&quot;name&quot;: &quot;Eating Healthy &amp; Cheap&quot;, 
	    	&quot;videoSubmissionAllowed&quot;: false
	      }
	    };
	
	    $.ajax({

	    	url: &#39;https://www.googleapis.com/moderator/v1/series?key=&#39;+key,
	    	type: &#39;POST&#39;,
	    	callback: &#39;?&#39;,
	    	data: myData,
	    	datatype: &#39;application/json&#39;,
	    	success: function() { alert(&quot;Success&quot;); },
	    	error: function() { alert(&#39;Failed!&#39;); },
	    	beforeSend: setHeader

	    });
    }
    
    function setHeader(xhr) {

      xhr.setRequestHeader(&#39;Authorization&#39;, token);
    }

    function doLogin(){	
	    if (token == &#39;&#39;){
 	       token = google.accounts.user.login(scope);
    	}else{
    	   alert(&#39;already logged&#39;);
    	}
    }


    function doCheck(){				
	    token = google.accounts.user.checkLogin(scope);
        return token;
    }
    &lt;/script&gt;
    ...
    ...
    &lt;div data-role=&quot;content&quot;&gt;
        &lt;input type=&quot;button&quot; value=&quot;Login&quot; onclick=&quot;doLogin();&quot;&gt;
    	&lt;input type=&quot;button&quot; value=&quot;Get data&quot; onclick=&quot;getModerator();&quot;&gt;
        &lt;input type=&quot;button&quot; value=&quot;Create&quot; onclick=&quot;create();&quot;&gt;
    &lt;/div&gt;&lt;!-- /content --&gt;


  [1]: http://code.google.com/apis/moderator/v1/using_rest.html#CreatingSeries

Access-Control-Allow-Origin error sending a jQuery Post to Google API&#39;s

I have a simple actionmethod, that returns some json. It runs on ajax.example.com. I need to access this from another site someothersite.com.

If I try to call it, I get the expected...:

    Origin http://someothersite.com is not allowed by Access-Control-Allow-Origin.

I know of two ways to get around this: [JSONP][1] and creating a [custom HttpHandler][2] to 
set the header.

Is there no simpler way?

Is it not possible for a simple action to either define a list of allowed origins - or simple allow everyone? Maybe an action filter?

Optimal would be...:

    return json(mydata, JsonBehaviour.IDontCareWhoAccessesMe);


  [1]: https://stackoverflow.com/questions/5968682/jquery-ajax-json-cross-domain-request-and-asp-net-mvc
  [2]: http://tpeczek.blogspot.com/2010/09/httphandler-with-cross-origin-resource.html

Setting Access-Control-Allow-Origin in ASP.Net MVC - simplest possible method

I am trying to support CORS in my Node.js application that uses the Express.js web framework. I have read [a Google group discussion][1] about how to handle this, and read a few articles about how CORS works. First, I did this (code is written in CoffeeScript syntax):

    app.options &quot;*&quot;, (req, res) -&gt;
      res.header &#39;Access-Control-Allow-Origin&#39;, &#39;*&#39;
      res.header &#39;Access-Control-Allow-Credentials&#39;, true
      # try: &#39;POST, GET, PUT, DELETE, OPTIONS&#39;
      res.header &#39;Access-Control-Allow-Methods&#39;, &#39;GET, OPTIONS&#39;
      # try: &#39;X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept&#39;
      res.header &#39;Access-Control-Allow-Headers&#39;, &#39;Content-Type&#39;
      # ...

It doesn&#39;t seem to work. It seems like my browser (Chrome) is not sending the initial OPTIONS request. When I just updated the block for the resource I need to submit a cross-origin GET request to:

    app.get &quot;/somethingelse&quot;, (req, res) -&gt;
      # ...
      res.header &#39;Access-Control-Allow-Origin&#39;, &#39;*&#39;
      res.header &#39;Access-Control-Allow-Credentials&#39;, true
      res.header &#39;Access-Control-Allow-Methods&#39;, &#39;POST, GET, PUT, DELETE, OPTIONS&#39;
      res.header &#39;Access-Control-Allow-Headers&#39;, &#39;Content-Type&#39;
      # ...

It works (in Chrome). This also works in Safari.

I have read that...

&gt; In a browser implementing CORS, each cross-origin GET or POST request is preceded by an OPTIONS request that checks whether the GET or POST is OK.

So my main question is, how come this doesn&#39;t seem to happen in my case? Why isn&#39;t my app.options block called? Why do I need to set the headers in my main app.get block?


  [1]: http://groups.google.com/group/express-js/browse_thread/thread/71db58df2c74d06a

Why doesn&#39;t adding CORS headers to an OPTIONS route allow browsers to access my API?

I&#39;m doing a ajax call to my own server on a platform which they set prevent these ajax calls (but I need it to fetch the data from my server to display retrieved data from my server&#39;s database).
My ajax script is working , it can send the data over to my server&#39;s php script to allow it to process.
However it cannot get the processed data back as it is blocked by `&quot;Access-Control-Allow-Origin&quot;`

I have no access to that platform&#39;s source/core. so I can&#39;t remove the script that it disallowing me to do so.
(P/S I used Google Chrome&#39;s Console and found out this error)

The Ajax code as shown below:

     $.ajax({
         type: &quot;GET&quot;,
         url: &quot;http://example.com/retrieve.php&quot;,
         data: &quot;id=&quot; + id + &quot;&amp;url=&quot; + url,
         dataType: &#39;json&#39;,   
         cache: false,
         success: function(data)
          {
            var friend = data[1];              
            var blog = data[2];           
            $(&#39;#user&#39;).html(&quot;&lt;b&gt;Friends: &lt;/b&gt;&quot;+friend+&quot;&lt;b&gt;&lt;br&gt; Blogs: &lt;/b&gt;&quot;+blog);
    
          } 
      });

or is there a `JSON` equivalent code to the ajax script above ?  I think `JSON` is allowed.

I hope someone could help me out.

how to bypass Access-Control-Allow-Origin?

Create a web service on **http://www.a.com/service.asmx** and send a cross-domain ajax request to it from **http://www.b.com**. Check the headers in **Firebug**, or in **Live HTTP Headers**, or any other plugin you wish.

There is no trace of the **X-Requested-With** HTTP Header field among request headers. 

However, if you send an ajax request to the same service from the same domain (say for example **http://www.a.com/about**), you will see that header field. 

Why is the **X-Requested-With** header field omitted for cross-domain ajax requests? 

**Update:** I know that JSONP calls are not AJAX calls in nature. Thus you won&#39;t see any **X-Requested-With** header field, in JSONP calls.

Content Type	Original Author	Original Content on Stackoverflow
Question	Localist	View Question on Stackoverflow
Solution 1 - Javascript	monsur	View Answer on Stackoverflow
Solution 2 - Javascript	DarkMantis	View Answer on Stackoverflow

Cross Domain Resource Sharing GET: 'refused to get unsafe header "etag"' from Response

Javascript Problem Overview

Javascript Solutions

Solution 1 - Javascript

Solution 2 - Javascript

php.ini reload in php-cli

Why an inline "background-image" style doesn't work in Chrome 10 and Internet Explorer 8?

Attributions