One of the issues currently with building web applications which use AJAX to access services is, typically you are blocked by the browser security from accessing another domain. This can make it difficult to mix and match solutions and services even within your same company.
e.g. You want to access Domino Data via a REST API (either built in or custom) but serve the client web side using another server and or technology.
When building Web applications which typically use AJAX to call serverside APIs there has really only been 3 options in the past:
- Use relative URLs – meaning the server side element has to be contactable under the same domain.
- Use JSONP – which is workaround and involves dynamic script injection – for this to work though the serverside element has to support it and modify its output.
- Use a proxy – where a server side element contactable under the same domain proxies the actual request serverside and then returns the response.
CORS is a method by which you can enable cross domain requests on the server.
To enable CORS you need to add a new web site rule to any internet sites you wish to enable CORS for.
Internet Site documents are found in the Server Names & Address Book (names.nsf normally)
Web site rules are created via an action button with the Internet Site document.
The rule details you need are:
|Type of rule||HTTP Response headers|
|Incoming URL pattern||*|
|HTTP Response codes||200, 206|
|Expires Headers||Add header only if application did not|
|Custom Headers||Name: Access-Control-Allow-Origin Value: * Override |
Name: Access-Control-Allow-Headers Value: Origin, X-Requested-With, Content-Type, Accept Override
To test your new shiny configuration – assuming your Domino sever is available on the internet – you can use this service: http://client.cors-api.appspot.com/client