Folks, I fell into a stupid security trap due to SOP <https://en.wikipedia.org/wiki/Same-origin_policy>. A developer is writing a demo AngularJS in-browser app for us, and it needs to call a REST API hosted on my development server. Of course during my testing it all works because I was either testing on localhost or deploying it and testing it, I wasn't mixing the two together.
Now the poor JS coding guy is testing locally but SOP prevents him from calling my service. I didn't foresee this. Is there some quick 'n' dirty hack or workaround for this just to get him going? Perhaps some config change on my server-side, or are the rules burned into the client browsers? In the meantime I'll read more fine print on this rule to looks for a loophole. Thanks, *Greg K* P.S. If you want to try it yourself, I use this call in Fiddler to get some JSON and sanity check the service is responding: GET https://orthogonal.net.au/rubyapi/v3/login/info HTTP/1.1 Host: orthogonal.net.au
