Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Cross-Subdomain Requests

I have two URLs:

One is the application URL = http://domain.com/app One is the application API URL = http://api.domain.com/

How can I get the application to be able to request things from the api at a different subdomain.

I have already tried putting Access-Control-Allow-Origin: * on both sides with no luck.

Thanks

like image 268
Jeff Avatar asked Jun 22 '12 17:06

Jeff


People also ask

Do I need CORS for subdomain?

CORS is not allowing subdomains, so you need to specify them in your server configuration.

Is subdomain considered cross domain?

Cross-domain tracking only applies if you have multiple domains. If you have a single domain with multiple subdomains, cross-domain tracking is not necessary!

Are different subdomains considered cross origin?

Sub-domains are considered different and will fail the Same Origin Policy unless both sub-domains declare the same document.

What is a subdomain name?

A subdomain is, as the name would suggest, an additional section of your main domain name. You create subdomains to help organize and navigate to different sections of your main website. Within your main domain, you can have as many subdomains as necessary to get to all of the different pages of your website.


2 Answers

The two servers (not the client) need to send the following headers:

  1. Access-Control-Allow-Origin : Decide which origin could call into the server
  2. Access-Control-Allow-Methods : The method that is allowed to access the resource (GET or POST)
  3. Access-Control-Max-Age : How long the cache is held

You could inspect the headers returned from the server (using Firebug or others) if the servers are supporting cross origin resource sharing.

If you can't modify the two servers to add the headers, one other possibility to set up a proxy that sit between your request and two servers. This proxy could add the headers if you need to access them

If you own admin right to the servers, this CORS page shows how to add the headers in various platforms.

like image 77
momo Avatar answered Oct 05 '22 15:10

momo


set the cookie domain to .domain.com and you should be all set.. This is what I have done in my application..

like image 26
Baz1nga Avatar answered Oct 05 '22 15:10

Baz1nga