cancel
Showing results for 
Search instead for 
Did you mean: 

Access-Control-Allow-Origin

We have developed an application utilizing the Authorize.NET API implemented in JavaScript.  We have just finished testing (using the dev URL,  https://apitest.authorize.net/xml/v1/request.api) and all went well.  However once we started testing using the production API, we started getting cross-domain scripting errors.  We noticed that the headers on the dev API URL contain “Access-Control-Allow-Origin:*”.  However, the production API URL (https://api.authorize.net/xml/v1/request.api) is missing this header which makes cross domain communication via JavaScript impossible.  Has anyone else ran into this? 

 

These hearders are bleow.  Notice the the missing headers in the second example.

 

Thank you in advance for any advice.

 

 

Response Headers for https://apitest.authorize.net/xml/v1/request.api

HTTP/1.1 200 OK

Cache-Control: private

Content-Type: application/xml; charset=utf-8

Server: Microsoft-IIS/7.5

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: GET,POST,OPTIONS

Access-Control-Allow-Headers: x-requested-with,cache-control,content-type,origin,method

Date: Fri, 14 Nov 2014 14:52:22 GMT

Content-Length: 365

Age: 1

Via: HTTPS/1.1 localhost.localdomain

 

Response Headers for https://api.authorize.net/xml/v1/request.api

HTTP/1.1 200 OK

Cache-Control: private

Content-Type: application/xml; charset=utf-8

Server: Microsoft-IIS/7.5

X-AspNet-Version: 2.0.50727

X-Powered-By: ASP.NET

Date: Fri, 14 Nov 2014 14:53:13 GMT

Content-Length: 365

Age: 0

Via: HTTPS/1.1 localhost.localdomain

00PureSleep00
Member
2 REPLIES 2

Off topic question.

How are you hiding your transactionKey, LoginID? or stop it from reaching the broswer?

RaynorC1emen7
Expert

We were under the impression that the keys were specific to referrrals from the host, similar to a Google API Key.  We are working to make this a server side implementation now.  Thanks for the feedback.