Openfire and strophe.js: not allowed by Access-Control-Allow-Origin

If it doesn't work even after enabling CORS in Openfire and changing the domain policy to accept all, then check your URL for Openfire. You may need to add '/' at the end (e.g. 'http://dimain:7070/http-bind/').

Without the slash it didn't work for me.

Thanks to @SamGoody for pointing this out. As of version 3.8.0, OpenFire now supports1 CORS[2], which is needed for your use case. To enable it, go to the OpenFire admin console, Server, Server Settings, HTTP Binding tab. Ensure that "Provides support for CORS (Cross-Origin Resource Sharing)" is Enabled, with a domain list of * (these are the defaults).

Another option is to setup your apache server to proxy port 7070 so you're not dealing with cross-domain issues per se. The code for that looks something like this inside of your httpd.conf file:

ProxyRequests Off
ProxyPass /http-bind http://127.0.0.1:7070/http-bind/
ProxyPassReverse /http-bind http://127.0.0.1:7070/http-bind/

If you log in to the admin panel, go to the Server Settings tab, then to HTTP Bindings, check both options (HTTP Binding and Script Syntax) are set to Enabled

I had faced same issue and come to know that port was not open for access. Though it browser says it is CORS Access-Control-Allow-Origin issue. This is sometimes open port issue. Please make sure http bind port is open and can be accessible over tcp on system your are testing.