Re: Header set Access-Control-Allow-Origin for web services

Hi Booth,

I am by no means an expert in this area but basically you are hitting the
CORS mechanism (Cross-Origin Resource Sharing). A good article is:

http://restlet.com/company/blog/2016/09/27/how-to-fix-cors-problems/

Form my understanding, you it seems to indicate that you can get around
this by having the web service return an HTTP header. Something like:

Access-Control-Allow-Origin: *

You will need to study the ramifications, but hopefully this will get you
going.

As far as how to return HTTP headers, simply define a character array as a
parameter and in your program or procedure clear the array and set the
http header. The article below shows an example.

https://www.ibm.com/developerworks/ibmi/library/i-rest-web-services-server3/


Search for the line:

httpHeaders(1) = 'Cache-Control: no-cache, no-store';


"WEB400" <web400-bounces@xxxxxxxxxxxx> wrote on 12/04/2018 08:24:03 PM:

From: Booth Martin <booth@xxxxxxxxxxxx>
To: Web Enabling the AS400 / iSeries <web400@xxxxxxxxxxxx>
Date: 12/04/2018 08:24 PM
Subject: [WEB400] Header set Access-Control-Allow-Origin for web

services

Sent by: "WEB400" <web400-bounces@xxxxxxxxxxxx>

So far, I like what I am seeing with web service servers.

Next issue: the web service provides the JSON data properly formatted
when it is accessed by the URL in a browser. However when I go after
the same URL with a JavaScript application it tells me "Header set
Access-Control-Allow-Origin violation" and suggestions for changing the
Apache server..

That looks to me like "Beyond this there be dragons." I have neither
the knowledge, desire, nor the authority for this. I am suspecting
therefore that I am misunderstanding what needs to be done. I believe I

am concerned with "XMLHttpRequest()"?

Suggestions?