Access wcf rest webservice with JSON

[Nunoestrada]

Hello,

I am trying to use sencha to access a wcf webservice that receives and returns JSON format data. (Cross domain)

I am having the following message in the browser inspector:

OPTIONS http://"link to the resource" 200 (OK)

XMLHttpRequest cannot load http://"link to the resource" Origin http://localhost:81 is not allowed by Access-Control-Allow-Origin.

I have tried many things so far. I tryed to "bypassed" the security using this:

Code:

  WebOperationContext.Current.OutgoingResponse.Headers.Add("Access-Control-Allow-Origin", "*");
  WebOperationContext.Current.OutgoingResponse.Headers.Add("Access-Control-Allow-Headers", "x-requested-with");
  WebOperationContext.Current.OutgoingResponse.Headers.Add("Access-Control-Allow-Headers", "Content-Type");

My code for the call is the following:

Code:

        Ext.Ajax.request({
            url: "http://link to the resource",
            method: "POST",
            params: {
                rData: JSON.stringify({
                CompanyDb: "Company",
                PatientID: "100"    
                })
            },
            //withCredentials: true,
            useDefautXhrHeader: false,
            success:function(resp){
                var obj = JSON.decode(resp.reponseText);
                alert(obj);
            },
            failure:function(resp){ alert("ERRO: " + resp.reponseText);},
            headers:{
                "Content-type": "application/json; charset=utf-8"
            }
            
        });

I have commented the withCredentials line because it would give me this error: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.

What am I doing wrong?

[mitchellsimoens]

Are you trying to use CORS?

[Nunoestrada]

yes

[mitchellsimoens]

If you are going to use withCredentials then the "Access-Control-Allow-Origin header needs to be something more than the wildcard '*' like the domain

[Nunoestrada]

I am only using the withCredentials because I saw that in this guide: http://docs.sencha.com/touch/2-0/#!/guide/ajax in th section Cross Domain Requests, But I don't need to use the credentials for any reason.

All I wanted was to be able to call the wcf webservice properly

[joostvanhassel]

[works, but bad practise]
Are you going to deploy your application as an standalone app on a device and are you using your browser just for testing purposes? In that case you can start Chrome with an extra parameter --disable-web-security so there are no issues with cross domain scripting.
You could do this by creating a shortcut to Chrome and append the parameter to the shortcuts target.

Do not use a browser started this way to browse the internet, as it is not secure! Use at own risk!
[/works, but bad practise]


edit your web.config to include the following:

Code:

  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="YourDomainHere" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>

replace YourDomainHere with your domain, ip, localhost or *

[SchattenMann]

[works, but bad practise]
Are you going to deploy your application as an standalone app on a device and are you using your browser just for testing purposes?

Once the application deployed how one should proceed?

I won't be able to know the ip of every mobile phone using it...or am i missing something?

[joostvanhassel]

Once the application deployed how one should proceed?

I won't be able to know the ip of every mobile phone using it...or am i missing something?

Are you trying to use CORS and withCredentials? Or are you simply trying to fetch some JSON?