I'm filling in the gaps for a project that is using an older method of doing a web service via an ASMX. The ASMX works fine, but due to the nature of the solution I'm working in, local debug via VS2010 has the ASMX on a localhost port that is different than the localhost of the simple test I am running against it. Now I know the ASMX works because if I invoke it directly I get the results I expect. The existing calls are all made on the same domain in the live environment so we have no problems. However, in my dev environment, because the localhost port is different for the ASMX vs the Test case, we have a Same-Origin-Policy problem from javascript.
Now, if it were my project, I'd simply convert the asmx to a WCF, install the Cors Lib and the Web API which relax those policies and be done with it. However it's not, so here we are. I am nearly positive but I wanted to ask anyone that might know for sure: It is my understanding that Cross-Domain requests via Ajax with JSON are not possible. I have research the crap out of this and not a single stack overflow or blog site has said otherwise, though many, MANY of those sites claim that simply setting the headers to accept content-type, setting the domain origin to allow access etc all work - but specifically the issue is with the json call. When you send across a json call, it preflights the request which sends the OPTIONS header first, and every modern browser that supports CORS will then strip any headers you add at this point. Stripping those headers obviously causes your request to fail with a http 500 error. I have inspected this very closely with fiddler and found this to be the case.
So if anyone could confirm that, great. Further, if anyone has a work around (besides JSONP, which only permits GET requests, and this MUST be a POST) I'd be ever so grateful. The only work around I know of is using a proxy domain to trick it into believing the origin is the same as the request destination, which is really really overkill and just not worth it IMO. Here's a sample of the call I need to make from local deployment to my other local deployment.
Code: Select all
//replaced sensitive data below for posting online
function localtestProductionservice() {
var dataToSend = { testData: $("#testJob").val() };
$.ajax({
crossDomain: true,
type: "POST",
url: "http://localhost:8080/LiveWorkingService.asmx/DoWork",
data: JSON.stringify(dataToSend),
contentType: "application/json; charset=utf-8",
dataType: "json",
success: function (response) {
alert("Test Complete:");
},
error: function (xhRequest, ErrorText, thrownError) {
alert("Test Error: " + xhRequest.responseText);
}
});
}
So it's a very nuanced reason why it doesn't work cross-domain whereby other folks online have had theirs work - but again I believe it has to do with how the headers are stripped of their added values which the service expects to handshake in a sense, but because the contentType is not one of a few default "safer" types the service might expect, the request is preflighted by the browser to see if this contentType is even permitted, headers stripped, then it fails to make the request due to missing headers. It's also inconsistent due to a bug in Chrome where the request is sent even if the preflight fails. So I've been using FireFox to inspect various results.