Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
A consumer is trying to call my REST API from client-side code (Javascript / Jquery). Now, as expected – they receive a security error because of the Same Origin Policy.
I know one workaround is for the API to respond with JSON-P.
Would adding Access-Control-Allow-Origin: * to the header also fix the issue? Is it a better workaround?
Unless you have a specific list of domains that you want to allow access from while restricting access from all other domains I would stick with JSON-P. In my experience CORS has spotty browser support and can be finicky to implement.