By default, for security reasons, you cannot make an AJAX request to a different site from which the page making the request was served.

I guess that what you are doing is running a simple web server on your PC to serve up your HTML/Javascript app which is then attempting to make AJAX requests directly to your IBM i, thus violating the "same origin policy" concept. As mentioned, one way round this is to use CORS but this is not easy to configure IMO and will required changes on the server. A better way would be to modify your test server config on the PC to proxy requests to your IBM i and have all requests go via that by changing your AJAX requests to be relative instead of absolute URLs to your IBM i.

For example, using the simple "http-server" web server (available from NPM), you can just change to the directory on your PC where your web app is located, start the web server and tell it to proxy any requests it cannot find locally to your IBM i - something like this:

cd ./my-web-app-folder
http-server --proxy http://your-ibmi-i/your-webservice

Now, if you point your browser at your web app, "http://localhost:8080"; your index.html page will be displayed, if it makes an AJAX request to "/my-webservice/get-customer/1" then, because this resource cannot be found locally, the local web server on your PC will forward this request to the application server on your IBM i but as far as the browser is concerned, the AJAX request is being made to the same origin as the web page making the request so everything will work as expected.

Tim.

Depending on the server you might be using, you can be more specific about where requests are proxied too.

Tim.

________________________________
From: WEB400 <web400-bounces@xxxxxxxxxxxx> on behalf of Booth Martin <booth@xxxxxxxxxxxx>
Sent: 05 December 2018 03:24
To: Web Enabling the AS400 / iSeries
Subject: [WEB400] Header set Access-Control-Allow-Origin for web services

So far, I like what I am seeing with web service servers.

Next issue: the web service provides the JSON data properly formatted
when it is accessed by the URL in a browser. However when I go after
the same URL with a JavaScript application it tells me "Header set
Access-Control-Allow-Origin violation" and suggestions for changing the
Apache server..

That looks to me like "Beyond this there be dragons." I have neither
the knowledge, desire, nor the authority for this. I am suspecting
therefore that I am misunderstanding what needs to be done. I believe I
am concerned with "XMLHttpRequest()"?

Suggestions?

--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.midrange.com%2Fmailman%2Flistinfo%2Fweb400&amp;data=02%7C01%7C%7Cef684081454d47dd4d7208d65a58c4d7%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636795734633535089&amp;sdata=%2ByU1jMFaW5fpVEphSEq0n1FkwrSCznlXDVyrP9h3erI%3D&amp;reserved=0
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Farchive.midrange.com%2Fweb400&amp;data=02%7C01%7C%7Cef684081454d47dd4d7208d65a58c4d7%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636795734633535089&amp;sdata=0vcU%2BvsdOpgKfz4tXmzwCBAR8y539QIqKXeh7Rq52l8%3D&amp;reserved=0.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.