Allowing cross-domain requests in Safari and Chrome? Server response vs. command line arguments

Question

I am trying to make cross-domain requests with Safari on Windows. My Safari version is 5.1.2.

This is a classical question. I read in many places that Chrome and Safari allows cross domain requests as long as Server responds with the followin header in the response

Access-Control-Allow-Origin: *

I have read this post. How to allow cross-domain requests in Safari? and many others on the stackoverflow site too.

However, none of them answers my question.

I am having problems with Chrome AND Safari doing cross-domain AJAX requests even though I am sending the necessary header back from the server.

I finally ran Chrome with "--disable-web-security". Then it worked.

My questions:

1) What do I do with Safari? Do I use a similar command line argument?

2) More importantly, can I someone please tell me whether cross-domain functionality is allowed in Chrome and Safari by default as long as server responds with the header or do I have to make sure that

a) server responds with a header

AND

b) browser is started with a proper argument.

Answer 1

I found the problem. Reading more about CORS helped html5rocks.com/en/tutorials/cors. I realized that my requests were triggering preflight requests (OPTIONS) and the server was not set up to handle these requests properly. The reason it was causing preflight requests was because I was using JQuery and it was adding a custom header into my requests. I modified my code to prevent addition of this extra header and my requests no longer needed preflight requests. Now I do not have to disable web security and it works fine.