Hi Alexander, I am working on a custom api module that supports AJAX so I can connect it to a master administration application for CRM. But the CRM is hosted on a different domain. I think I am encountering a problem where AJAX won't load in remote site because of XSS security. I am able to load my Am_Module Controllers directly from the amember installation but when I try to reach them with AJAX I receive an unknown error. It is 200 OK but will not parse response. Here is a basic example: HTML: $.ajax({ url: "http://my.gomedia.local/goapi/forms/mue/", error: function(jqXHR, textStatus, errorThrown){ console.log(jqXHR); console.log(textStatus); console.log(errorThrown); }, success: function(data, textStatus, jqXHR){ console.log(data); console.log(textStatus); console.log(jqXHR); } }); And I can reach it directly. But when I attempt loading through AJAX: I've tried numerous contextSwitch settings in the Controller and it has not made a difference. PHP: public function init() { $ajaxContextSwitch = Zend_Controller_Action_HelperBroker::getStaticHelper('AjaxContext'); $ajaxContextSwitch->setDefaultContext('json'); $ajaxContextSwitch->addActionContext('getPrivileges', 'json'); $ajaxContextSwitch->initContext(); } Do you know if this is more likely XSS security or more likely a parse error in jQuery? Do I need to create a custom Route to get around XSS in your app? Thank you very much for your insight.
Update, I've tested it in Chrome and now it really seems like XSS issue. I have the response: "Origin http://localhost.local is not allowed by Access-Control-Allow-Origin." I will research this issue, but let me know if you happen to know how to resolve it. Thank you.
Alright, I've figured out how to make it work by adding this to my controller. header("Access-Control-Allow-Origin: http://localhost.local"); It isn't graceful, but it resolves the problem. Thanks anyway.