Cross domain request to web-service returning JSON with jQuery

Question

I'm trying to doing a request to a web service from an ASPX page on www.mysite.com using jQuery.

My webservice is hosted on https://www.mysite2.com.

I've tried to perform the request in this way (I found part of this code online):

$.ajax({
    url: "https://www.mysite2.com/ws/api/Visits/List/" + myfilter,
    type: 'GET',
    dataType: 'json',
    contentType: "application/json; charset=utf-8",
    beforeSend: setHeader,
    crossDomain: true,
    success: function (data) {
        response($.map(data.visits, function (v, i) {
            return {
                label: v.ID,
                value: v.Name
            }
        }))
    },
    error: function () {
        alert('Error!');
    },
})

function setHeader(xhr) {
    xhr.setRequestHeader('X-Token', 'myToken0123');
}

I encounter two problems:

1) IE is returning Access Denied error (code 0x80070005)

2) Chrome is returning "Insecure response" error

The returned JSON will be used to fill an autocomplete source.

Any suggestion to solve this problem?

Answer 1

If you go to https://www.mysite2.com, it will tell you This server could not prove that it is www.mysite2.com; its security certificate is from *.hawkhost.com. This may be caused by a misconfiguration or an attacker.

You can accept this and you will no longer see your issue. However, every single one of your users would have to do the same.

Answer 2

If this is a Cross Domain Request then you need to contact whom ever is in charge of the server and ask them to add your domain to their list. This is the code they would need to add to the server where http://foo.example is your domain.

Access-Control-Allow-Origin: http://foo.example
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: X-PINGOTHER
Access-Control-Max-Age: 1728000