Enable CORS for your API. http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api
Regards, Nelson Chan On 17 August 2015 at 11:25, Greg Keogh <[email protected]> wrote: > Folks, I fell into a stupid security trap due to SOP > <https://en.wikipedia.org/wiki/Same-origin_policy>. A developer is > writing a demo AngularJS in-browser app for us, and it needs to call a REST > API hosted on my development server. Of course during my testing it all > works because I was either testing on localhost or deploying it and testing > it, I wasn't mixing the two together. > > Now the poor JS coding guy is testing locally but SOP prevents him from > calling my service. I didn't foresee this. Is there some quick 'n' dirty > hack or workaround for this just to get him going? Perhaps some config > change on my server-side, or are the rules burned into the client browsers? > In the meantime I'll read more fine print on this rule to looks for a > loophole. > > Thanks, *Greg K* > > P.S. If you want to try it yourself, I use this call in Fiddler to get > some JSON and sanity check the service is responding: > > GET https://orthogonal.net.au/rubyapi/v3/login/info HTTP/1.1 > Host: orthogonal.net.au >
