CORS question

Jun 26, 2014 at 2:55 AM
I am using http_listener to implement a server. However http posts from a javascript webpage are not retrieving a response. I am told that this is probably due to lack of HTTP access control (CORS) support.
Is that correct. Can someone please indicate what the solution is?
Jun 26, 2014 at 10:02 AM
The CORS security issue is used to avoid cross scripting attacks and in short the browser doesn't allow the load of differenet URLs(origins) other than the page was loaded.
So if you load a url from, you can't have a script that accesses a url in other test.
To make sure that your server is working, implement a basic web::client based on the examples and use it to verify your server. Or you can use some curl implementation, or you can spawn a browser without security warnings.

In any case it has nothing to do with the actual implementation of the http_listener, but with the setup of your ip addresses.
Jun 26, 2014 at 3:13 PM
in my case, there is a web page: that is an ASP page. Inside that page, it is calling where casablanca based service is running and it is returning a JSON output. However the webpage on domain1 is dropping the output in the browser. It works fine with CURL. I am told that I should insert Access-Control-Allow-Origin: * in my message reply header. However I don't know how to do that. What are the methods to insert a header fields into the reply. right now I am doing message.reply(STATUS_200_OK, json_content)
Jun 26, 2014 at 6:35 PM
Hi Negendra17,

One of the http_request::reply overloads takes an http_response object. If you directly create the http_response class yourself you can control all sorts of options including adding headers. Something like this:
http_response response(status_codes::OK);
response.headers().add(U("header1"), U("value1"));
Jan 11, 2015 at 10:01 PM
Hi stevetgates.

Thank you very much for your response. You were very helpfull!.