AJAX headers ending up in HTTP_ACCESS_CONTROL_REQUEST_HEADERS on PHP side

Question

I'm trying to get the SalesForce Rest API to work and I've debugged my problem down to this point:

When I make an AJAX call from my web app to my back-end (which is on a different domain than the backend), all of the AJAX headers end up crammed into $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'] and there is no way for me to get access to their values.

    return $j.ajax({
        type: 'POST',
        url: my_endpoint_url,
        cache: false,
        processData: false,
        data: 'grant_type=refresh_token&client_id=' + this.clientId + '&refresh_token=' + this.refreshToken,
        success: callback ,
        error: error ,
        dataType: "json",
        beforeSend: function(xhr) {
            if (that.proxyUrl !== null) {
                xhr.setRequestHeader('SalesforceProxy-Endpoint', url);
            }
        }
    });

On the server side, I only receive:

[HTTP_ACCESS_CONTROL_REQUEST_HEADERS] => accept, salesforceproxy-endpoint, doiwork, origin, content-type

How can I access the value of "salesforceproxy-endpoint" over on the server side? Likewise, I can't seem to find the "data" of the ajax call anywhere..

UPDATE: Just for giggles I moved my end-point to the same domain. Now it is working as expected.

[HTTP_SALESFORCEPROXY_ENDPOINT] => https://login.salesforce.com//services/oauth2/token

Is there any way to get this working cross domain?

Answer 1

You just got aware what the Same origin policy is ;)