Cross-Origin Resource Sharing (CORS) for HTTP in

Hi, any chance this could be added to HTTP in, as this would allow Ajax updates to planner? Ajax seems to work fine in desktop browsers, but soon stops after a few attempts on iOS iPhone/iPad.

I think Safari on iOS doesn’t deal well with the error
XMLHttpRequest cannot load[id]/[id]?value=31.
Origin https://[my site] is not allowed by Access-Control-Allow-Origin.

My understanding is that all that is needed is for the response header to return
Access-Control-Allow-Origin: [request site host name] or “*”


Hi controlCloud,

That’s actually a JavaScript “feature” for security. Check out a short explanation here: I’ve found that often the request will be sent anyway; it depends on your security settings.

If you need a way around, you can have your javascript make a request back at the server that served you the javascript, then use a server-side language like PHP to handle the cross-domain request. Here’s a simple (hacky) php script that will pass the value along (POST the value to the php script):

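<?php
// URL of the imp's HTTP in endpoint (left blank in the original post)
$impURL = "";
// Value POSTed by the page's JavaScript
$value = isset($_POST['value']) ? $_POST['value'] : '';
// Forward the value to the imp; urlencode() keeps it a single query parameter
$response = file_get_contents($impURL . "?value=" . urlencode($value));
?>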

Thanks, I completely misunderstood cross-origin, thinking I had to put the html page! That said, Chrome seems to allow cross-origin when using Ajax calls to HTTPin on e.imp. Can’t wait for Agents.

Will agents provide a way around this? It’s a royal PITA to have no RESTful API and only have forms posting to send in data…

Same problem here, I can’t call my agent URL invisibly with an ajax call from jQuery. What would be the best way to call agent URLs from a web page?

You can use ajax. I have a few projects doing just that and I am sure many others have done it.

I have this line in my script code, I just copy/pasted from some other code that had it. = true;

maybe check out this post

rocky framework

Browsers I’m sure will only get more sensitive to this because of fears of cross-site scripting.

I think @tbyrne’s idea of making your webserver “reverse proxy” the imp’s is a good way forward

You can also use the “Access-Control-Allow-Origin” header (see this post).

While our examples typically use “Access-Control-Allow-Origin: *” - this can be somewhat dangerous. You can also specify a specific domain to allow the requests to come from - so if your webpage’s URL that is communicating with the agent is, you can set a header in the response to say “Access-Control-Allow-Origin:
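
An origin allowlist of the kind the last post describes, as an added example that is not part of the thread and is not imp agent code. `ALLOWED_ORIGINS`, `corsHeaders`, `handle` and the `planner.example.com` origins are assumptions made for illustration.

```javascript
// Added example (not from the thread): choose CORS headers from an allowlist.
// ALLOWED_ORIGINS and the origins in it are constructed placeholders.
const ALLOWED_ORIGINS = new Set(["https://planner.example.com"]);

// Return the CORS headers for one request, given its Origin header and method.
function corsHeaders(origin, method) {
  // The response differs per Origin, so caches must key on it.
  const headers = { "Vary": "Origin" };

  // Exact, case-sensitive match only. Prefix, suffix or regex matching lets
  // lookalikes such as https://planner.example.com.other.test through, and the
  // literal origin "null" (sandboxed iframes, file:// pages) is never listed.
  if (typeof origin !== "string" || !ALLOWED_ORIGINS.has(origin)) {
    return headers; // no Access-Control-Allow-Origin: the browser blocks the read
  }

  headers["Access-Control-Allow-Origin"] = origin; // echo the vetted origin, not "*"
  if (method === "OPTIONS") {
    // Preflight: state what the real request may use.
    headers["Access-Control-Allow-Methods"] = "GET, POST";
    headers["Access-Control-Allow-Headers"] = "Content-Type";
    headers["Access-Control-Max-Age"] = "600";
  }
  return headers;
}

// Minimal request handler shape: req = { method, headers: { origin } }.
function handle(req) {
  const headers = corsHeaders(req.headers.origin, req.method);
  const allowed = "Access-Control-Allow-Origin" in headers;
  if (req.method === "OPTIONS") {
    return { status: allowed ? 204 : 403, headers, body: "" };
  }
  // CORS only controls what the browser lets the page read; the request still
  // reaches the server, so state-changing endpoints need their own auth check.
  return { status: 200, headers, body: "ok" };
}

// Constructed sample requests.
for (const origin of ["https://planner.example.com",
                      "https://planner.example.com.other.test", "null", undefined]) {
  console.log(origin, handle({ method: "GET", headers: { origin } }).headers);
}
```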