{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Anthone 的问题《cross domain ajax》','https://www.manongdao.com/q-426462.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
After I read this article, what I understand is that in order to allow cross-domain ajax calls, I have to set the server response to be Access-Control-Allow-Origin: *(public for testing purpose), and here is my server code, Google AppEngine in Python
self.response.headers.add_header('Access - Control - Allow - Origin:*')
self.response.headers.add_header('content-type', 'application/json', charset = 'utf-8')
self.response.out.write(simplejson.dumps(Jsonobject))
I don't know if that is correct. And my Ajax call
xhr.open("get", "http://example.com", true);
xhr.setRequestHeader("Access-Control-Allow-Origin","example");
I always got this error. Origin null is not allowed by Access-Control-Allow-Origin. How do I configure this? Thank you very much
Access-Control-Allow-Origin, notAccess - Control - Allow - Originself.response.headers.add_header(str)is valid, maybeself.response.headers.add_header(key, name)?*domain doesn't work (at least not for all browsers). You have to use exact domain, full name, with protocol. Likehttp://example.comOriginheader, for ajax call. I'm not sure how to configure rawxhr, but I guess that it's made by browser itself, and you can't modify this value. Anyway, your domain notexampleMay be these lines of code solve your problem.
You can do one thing for that just need to set Access-Control-Allow-Origin & Access-Control-Allow-Headers in CustomeHeaders your web service web.config file.
If you want to allow only for specific domain , you can do that with specific value of domain instead of * value