CORS AJAX

For security reasons, browsers restrict cross-origin HTTP requests initiated from within scripts (e.g. AJAX request). For below scenario, we need to modify the HTTP response headers:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

httpd.confApache-httpd.conf
<Location "/service/" >
  SetEnvIf Origin "http(s)?://(b|c)?(.domain.com)$" AccessControlAllowOrigin=$0
  Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
  Header set Access-Control-Allow-Credentials true
</Location>

The above example will allow requests to services under /service/ from http or https request from b.domain and c.domain. If we want the request to aware of the HTTP cookies, then we need add Header set Access-Control-Allow-Credentials true.

Sample AJAX programjQuery.ajax()
<script language="Javascript">
$.ajax({
  type: "GET",
  url: "https://a.domain.com/service/test.jsp",
  xhrFields: {
      withCredentials: true
   },
}).done(function(data) {
    console.log(data);
    alert( "success" );
  }).fail(function() {
    alert( "error" );
  });

</script>

withCredentials: true is used to mark XMLHttpRequest to aware of HTTP cookies (e.g. session id).