Origin http://example.com is not allowed by Access-Control-Allow-Origin

Question

I am trying to call webservice method from ajax call as given. My web service is hosted in the same application.

$.ajax({
    type: "POST",
    url: "http://1.1.1.1/demo/sblead.asmx/SBLeadsSave",
    data: "{'whenNeeded':'" + whenNeeded + "','howLong': '" + howLong + "','size': '" + Size + "','customerName': '" + name + "','mobile': '" + mobile + "','email': '" + email + "','comments': '" + comments + "','nextContract': '','unitLocation': '" + unitLocation + "'}",
    contentType: "application/json; charset=utf-8",

    dataType: "jsonp",
    callback: '?',
    crossDomain: true,

    success: function (response) {
        // debugger;
        var res = response.d;
        if (res == "True") {
            location.href = "http://1.1.1.1/SBleadSuccess.htm";
        } else {
            alert('Data Saving failed please try again');
        }
    },
    failure: function (result) {
        alert(result.status + ' ' + result.statusText);
    },
    beforeSend: setHeader

Web service method is not getting invoke, when I see it using Chrome developer tools --> network I could see the response as Origin http://www.example.com is not allowed by Access-Control-Allow-Origin.

It is working in test server, but not in production server.

How can I get through this problem?

Answer 1

It's because you are calling http://1.1.1.1/demo/sblead.asmx/SBLeadsSave, but that's not your production server location with all chance.

Put your production server location, or just /demo/sblead.asmx/SBLeadsSave.

Answer 2

You'll need to permit your production server in the response headers:

Access-Control-Allow-Origin: <production origin> | *

You can see more info on MDN: HTTP access control (CORS).