You develop an HTML application that is located at www.adventure-works.com. The application must load
JSON data from www.fabrikam.com.
You need to choose an approach for loading the data.
What should you do?
A.
Add a crossdomain.xml file to the second server.
B.
Configure Cross-Origin Resource Sharing (CORS) on the servers.
C.
Load the data in a JavaScript timeout callback.
D.
Reference the remote data as an XML resource.
Explanation:
* Cross-origin resource sharing (CORS) is a mechanism that allows Javascript on a web page to make
XMLHttpRequests to another domain, not the domain the Javascript originated from. Such “cross-domain”
requests would otherwise be forbidden by web browsers, per the same origin security policy. CORS defines a
way in which the browser and the server can interact to determine whether or not to allow the cross-origin
request. It is more powerful than only allowing same-origin requests, but it is more secure than simply allowing
all such cross-origin requests.
* You must use Cross Origin Resource Sharing
It’s not as complicated as it sounds…simply set your request headers appropriately…in Python it would look like:
self.response.headers.add_header(‘Access-Control-Allow-Origin’, ‘*’);
self.response.headers.add_header(‘Access-Control-Allow-Methods’, ‘GET, POST, OPTIONS’);
self.response.headers.add_header(‘Access-Control-Allow-Headers’, ‘X-Requested-With’);
self.response.headers.add_header(‘Access-Control-Max-Age’, ‘86400’);