Cross domain AJAX results in 403 forbidden

0
votes

We are trying to make cross domain AJAX call via POST. If we directly try to access bbb.com from aaa.com it will ask for credentials. Only after giving credentials will we be able to access bbb.com. Now in the same way, when an AJAX call is made to a different domain, in this case bbb.com I'm receiving a 403 forbidden error.

I tried adding the authorization header and now in the request header, I see the below headers but even after having authorization header I'm still having the issue.

Accept text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Encoding gzip, deflate
Accept-Language en-US,en;q=0.5
Access-Control-Request-He... authenticationindicator,authorizationtoken
Access-Control-Request-Me... POST
Authorization Basic TG9uZG9uOkJiZ0JlbjE4NTk=
Cache-Control no-cache
Host aaa.com
Origin bbb.com
Pragma no-cache
Proxy-Connection keep-alive
User-Agent Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0

Does anyone know how we can solve the 403 forbidden issue?

4
javascriptjqueryajaxhttp-headers
What does bbb.com reply when you make the same request from bbb.com (same orogin)? A 403 does not produced by the same-origin policy restriction but provided by your server on bbb.com due to it's configuration, etc.marekful
You are problably looking for a JSONP solution or set up a server-side proxy that handles the request towards the other domain. Have a look here: stackoverflow.com/questions/2558977/ajax-cross-domain-callTobias Nilsson

4 Answers

3
votes

Sounds like a Cross Origin issue - https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS

You probably want to add something the headers returned from bbb.com, like so:

Access-Control-Allow-Origin: *

Hope that helps, Chris

1
votes

You can't make cross-domain AJAX calls.

If you wan't to get some infos from another domain as your own, you can do it server site with PHP for example and then make an ajax call to your own php script.

Another solution is to use JSONP

1
votes

ajax doesnt allow cross domain calls. use jsonp for this purpose. http://jsonp.jit.su/

1
votes

Ajax does not allow cross-domain calls. If you want to do it that way, you can make your Ajax code call PHP (or whatever you choose) code which can access bbb.com and you can return this data to the client.