Cross Domain Requests
Browsers have a policy commonly referred to as the
same origin policy
that blocks requests across domain boundaries. Because of this restriction update operations cannot be performed if the web page is served by one domain and the target OData endpoint is in a different one. Users have the ability to disable
this policy in the browser, however it is typically turned on by default. datajs is designed with such an assumption. The following options are available to support this scenario:
- Have the web server provide a relaying mechanism to redirect requests to the appropriate OData endpoint.
- Use an
XDomainRequest object. This option is not available in all browsers.
- Use cross origin XMLHttpRequest object. This option is also not available in all browsers.
- Prompt for consent on first use. This option is not available in all browsers and generally provides a poor user experience.
Read operations are available for cross-domain requests if the OData server supports JSONP. To configure the datajs to use JSONP, set the following properties on the
- formatQueryString: this is a query string option inserted in the URL.
- callbackParameterName: this is the name of a query string option that will be assigned a function name to call back into.
- enableJsonpCallback: see
OData Security before setting this property to true.
By default, all values except for enableJsonpCallback
are set to work with the popular
for WCF Data Services-based servers, but can be modified to any appropriate value before a request is submitted.
The values can also be set on an individual request
object when passed to the