AnsweredAssumed Answered

Handle Cross Domain issues in Gateway

Question asked by Nicolas Afonso Employee on Sep 23, 2015
Latest reply on Sep 25, 2015 by Nicolas Afonso

Hi folks !


My question today is about cross-domain validation.

I implemented some proxies APIs and today I want to call them from my website via Ajax calls.


Nevertheless I am facing issue with cross-domain validation, my browser refusing to handle the response displaying this error message :

XMLHttpRequest cannot load No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '' is therefore not allowed access. The response had HTTP status code 500.

Could you give me the best practices to handle such cases ? From my point of view, I have to set the "Access-Control-Allow-Origin" response header to "*" (wildcard) value because these APIs will in the future be used by clients' browsers, servers, .. I do not want to have a huge list of domains/protocols authorized.


Secondly is it possible to systematically set a header value for request / response messages ? In this specific case if this solution is viable I want all my futures APIs responses include this header.

I look forward hearing from you


Thank you