AnsweredAssumed Answered

Handle Cross Domain issues in Gateway

Question asked by Nicolas Afonso Employee on Sep 23, 2015
Latest reply on Sep 25, 2015 by Nicolas Afonso

Hi folks !

 

My question today is about cross-domain validation.

I implemented some proxies APIs and today I want to call them from my website via Ajax calls.

 

Nevertheless I am facing issue with cross-domain validation, my browser refusing to handle the response displaying this error message :

XMLHttpRequest cannot load https://api.rec-env.com/someProxyAPI. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.website.com' is therefore not allowed access. The response had HTTP status code 500.


Could you give me the best practices to handle such cases ? From my point of view, I have to set the "Access-Control-Allow-Origin" response header to "*" (wildcard) value because these APIs will in the future be used by clients' browsers, servers, .. I do not want to have a huge list of domains/protocols authorized.

 

Secondly is it possible to systematically set a header value for request / response messages ? In this specific case if this solution is viable I want all my futures APIs responses include this header.


I look forward hearing from you

 

Thank you

Outcomes