Ajax issue with Zscaler

Question

On my page I have this ajax call:

$.getJSON(
    "@Url.Action("GetSchedulers")",
    { start: start, end: end },
    function(data) {
       fillCalendar(data);
    }
);

Everything works OK, except when I try to access it behind a Zscaler proxy, then the browser returns a CORS error:

"No 'Access-Control-Allow-Origin' header is present on the requested resource."

The Request url is https://gateway.zscaler.net/auD?origurl={my_url}.

Does anyone know how to send the request without it being filtered by zscaler?

Answer 1

You need to enable CORS in your ASP.NET website, and allow the https://gateway.zscaler.net domain. CORS is required when a resource in a page (e.g. AJAX request) is to a different domain than what was used to serve the page. According to RFC 6454, the scheme (http vs https), address, and port must match.

Assuming you have an ASP.NET web API project serving GetSchedulers requests, follow the Asp.Net WebAPI instructions:

1. Add the Microsoft.AspNet.WebApi.Cors nuGet package
2. Add config.EnableCors(); to the void Register(HttpConfiguration config) method
3. Add this attribute to your controller: [EnableCors(origins: "https://gateway.zscaler.net", headers: "*", methods: "*")]

If you're using a different server side implementation, then the instructions will be slightly different. For example, if you're using OWIN, then use the Microsoft.Owin.Cors nuGet package.

Answer 2

Try using JSON-P for the request: http://json-p.org/. If this doesn't work, look into configuring the backend resource to accept requests from a different domain.