Hi Before now I've had to write a handler(ashx) to forward the request to the correct server. But you have to be very security conscious and protect all calls made to it.
Davy Sent from my iPhone > On 13 Oct 2015, at 08:07, David Burstin <david.burs...@gmail.com> wrote: > > Firstly, thanks again to everyone who has taken the time to look at this. > > Yes, it turns out that it is a firewall issue. :( > > So, given that having a web page talk to a web service at a different origin > is not a crazy or unusual situation, how do you guys deal with this? How do > you make the web page work, given that you can't go to everyone who looks at > your site and ask them to change their firewall rules, no matter how dumb > they are (the firewall rules and the people you are talking to)? > > Or is it just not possible? > > Cheers > Dave > >> On 13 October 2015 at 16:53, Thomas Koster <tkos...@gmail.com> wrote: >> On 13 October 2015 at 15:39, David Burstin <david.burs...@gmail.com> wrote: >> > My response headers don't have "Access-Control-Allow-Origin". Any ideas >> > why? (I am about to hit google) >> >> On 13 October 2015 at 16:11, Thomas Koster <tkos...@gmail.com> wrote: >> > Are you using a proxy, firewall or browser plugin that is removing them? >> > If you suspect this, try HTTPS (although a browser plugin can still bite >> > you). >> >> On 13 October 2015 at 16:15, David Burstin <david.burs...@gmail.com> wrote: >> > Thanks Thomas. Definitely not a plugin, possibly a proxy or firewall issue. >> > I will talk to the guys here who know more about this than me. >> >> At first, looking at your screenshot, I didn't think that a proxy or >> firewall was removing headers because outgoing headers look fine and >> rubbish headers like "X-Powered-By" did make it through. (Why include >> "X-Powered-By" on a whitelist but not CORS headers?!). But then I >> noticed that "X-AspNet-Version" is also missing from your >> screenshot... >> >> -- >> Thomas Koster >