CORS Access-Control-Allow-Origin header stripped by watchguard

5
votes

I have a website on www.example.com that uses AJAX to access JSON via a nodejs-API on api.example.com. (Cross-domain!) I need the PUT and DELETE as HTTP-methods, thats why I can't use jsonp, i looked up how CORS works, and implemented that via the Access-Control-Allow-Origin headers.

When i work on my local environment (www.example.dev and api.example.dev) my setup works. My API return the correct headers (Access-Control-Allow-Origin) and I succeed in doing cross domain requests.

When I deploy online, my setup doesn't work anymore, because the headers get blocked by the company watchguard firewall. I could ask to allow my public API, but i'm afraid someone else will have the same issues in his or her restricted environment.

Is there any other way to solve this?

1
ajaxcross-domaincors
When you say "company", do you mean your hosting company? You might want to chat with them to see why they block these headers, and if they can allow them.monsur
@monsur I mean the company where I work. I could ask them to allow those headers, but when i deploy my application, other companies will be using the application, I can't depend on those companies modifying there settings for my app to work.Ernie

1 Answers

1
votes

For those interested: I use easyXDM for cross domain messaging. That solved my problem. http://easyxdm.net/wp/