
Cross-Origin Resource Sharing

Cross-site HTTP requests are HTTP requests for resources from a different domain than the domain of the resource making the request. Cross-site HTTP requests initiated from within scripts have been subject to well-known restrictions, for well-understood security reasons.
The Web Applications Working Group within the W3C has proposed the new Cross-Origin Resource Sharing (CORS) recommendation, which provides a way for web servers to securely handle cross-site requests.
The Cross-Origin Resource Sharing standard works by adding new HTTP headers that allow servers to describe the set of origins that are permitted to read that information using a web browser.
A simple cross-site request happens when we make an HTTPS AJAX request for login from a page loaded over HTTP (I will give an example of this). The same happens for an HTTP AJAX call to a separate domain.
Here I will show how to make an HTTPS AJAX call to a WCF service from a page loaded over HTTP.
From the JavaScript, make the request in the following way:

var url = "https://serveraddress/service1.svc/UserInfo";
var invocation = new XMLHttpRequest();
var invocationHistoryText;

// Send the cross-origin GET request to the WCF service.
function UserInfo() {
    if (invocation) {
        invocation.open('GET', url, true);
        invocation.onreadystatechange = handler;
        invocation.send();
    } else {
        alert("No Invocation Took Place At All");
    }
}

// Runs on every state change; readyState 4 means the request has completed.
function handler(evtXHR) {
    if (invocation.readyState == 4) {
        if (invocation.status == 200) {
            var response = invocation.response;
        } else {
            alert("Invocation Errors Occurred");
        }
    }
}

On the service side, we need to add the Access-Control-Allow-Origin header with the value http://serveraddress to allow the cross-site request.

public string UserInfo()
{
    // Allow pages loaded from http://serveraddress to read this response.
    HttpContext.Current.Response.AppendHeader("Access-Control-Allow-Origin", "http://serveraddress");
    return "This is your information";
}
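
The origin comparison behind the header above, as an added example that is not part of the original post: it models why the HTTP page and the HTTPS service count as different origins, how a service can echo `Access-Control-Allow-Origin` only for an exact allowlist match, and the check the browser applies before letting the script read the response. The function names are hypothetical and the URLs are constructed from the post's `serveraddress` placeholder.

```javascript
// Added example. Function names are hypothetical; origins and URLs are
// constructed sample values based on the page's "serveraddress" placeholder.
const ALLOWED_ORIGINS = new Set(["http://serveraddress"]);

// An origin is scheme + host + port, so http:// and https:// on the same
// host are different origins. Returns null for unparsable or opaque origins.
function originOf(url) {
  try {
    const origin = new URL(url).origin;
    return origin === "null" ? null : origin;
  } catch (e) {
    return null;
  }
}

function isCrossOrigin(pageUrl, targetUrl) {
  const page = originOf(pageUrl);
  const target = originOf(targetUrl);
  return page === null || target === null || page !== target;
}

// Server side: echo the Origin header only on an exact allowlist match.
// Vary: Origin keeps caches from serving one origin's response to another.
function corsHeadersFor(requestOrigin) {
  const headers = { "Vary": "Origin" };
  if (typeof requestOrigin === "string" && ALLOWED_ORIGINS.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
  }
  return headers;
}

// Browser side (request without credentials): the script may read the
// response only if the header is "*" or equals the page's origin exactly.
function browserAllowsRead(pageUrl, responseHeaders) {
  const allow = responseHeaders["Access-Control-Allow-Origin"];
  return allow === "*" || (allow !== undefined && allow === originOf(pageUrl));
}

// Constructed demo: the page's scenario plus two origins that must be refused.
const service = "https://serveraddress/service1.svc/UserInfo";
for (const page of ["http://serveraddress/login.html",
                    "http://serveraddress.other.example/",
                    "http://serveraddress:8080/login.html"]) {
  const headers = corsHeadersFor(originOf(page));
  console.log(page, isCrossOrigin(page, service), browserAllowsRead(page, headers));
}
```

Only the first page is allowed to read the response; the look-alike host and the different port are cross-origin too, but they fail the exact match and get no `Access-Control-Allow-Origin` header.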

For details, visit https://developer.mozilla.org/En/HTTP_access_control

Categories: AJAX