I'm probably missing something but till now haven't figure it out.
I have a MVC application which listens on the web default port (i.e. 80), at the end of the interaction with the user, it sends an ajax post request (using jquery) to a WCF 4 REST service which listens on port 90, sadly enough, I'm not allowed to do so because of the brower same origin policy security issue.
I read that Chrome, Safari and firefox support by default the CORS protocol which allow cross domain requests.
In my server I've added to the response's headers the following: Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Headers and Access-Control-Max-Age.
from what I saw all the cors plugins handle microsoft xdr object and doesn't change the xhr default behavior.
Any help will be appriciated,
Thanks,
Ron
Access-Control-Allow-Origin
header should work and it has to be sent from the service listening on port 90 (just to make sure). – stewe