Hi folks !
My question today is about cross-domain validation.
I implemented some proxies APIs and today I want to call them from my website via Ajax calls.
Nevertheless I am facing issue with cross-domain validation, my browser refusing to handle the response displaying this error message :
XMLHttpRequest cannot load https://api.rec-env.com/someProxyAPI. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.website.com' is therefore not allowed access. The response had HTTP status code 500.
Could you give me the best practices to handle such cases ? From my point of view, I have to set the "Access-Control-Allow-Origin" response header to "*" (wildcard) value because these APIs will in the future be used by clients' browsers, servers, .. I do not want to have a huge list of domains/protocols authorized.
Secondly is it possible to systematically set a header value for request / response messages ? In this specific case if this solution is viable I want all my futures APIs responses include this header.
I look forward hearing from you