I think you might have some things backwards (or possibly your example confused me). If you want a page on your site to do a cross-origin request to www.google.es, then www.*google.es*'s server needs to add the Access-Control-Allow-Origin: headers, not your site. There's no way your server can add permissions to allow your webpage to access a 3rd party's site (otherwise it would be trivial to embed something in your page which, for example, reads all of the user's email and posts it back to your server).
Also, expanding on what Aria mentioned, in your example, google.es would need to explicitly add "Access-Control-Allow-Origin: your_actual_host.com", not "*" if you're logging in with credentials. Hope that helps clear things up, Jimb On Wednesday, August 20, 2014 2:38:09 PM UTC-7, Aria Stewart wrote: > > > On Aug 20, 2014, at 2:45 PM, nnodejs <[email protected] <javascript:>> > wrote: > > Hi guys! > > I have a problem using Ajax (side client) when I'm trying to request from > other domain, I know that this is caused by cross domain, but I can't find > any solution to fix it! > My app have to parse a HTML webpage to use some relevant information of > it. So I use Ajax to get it. > here is my code on the server, I'm using express.js: > > > [snip] > > > res.header("Access-Control-Allow-Origin", "*"); > > > [snip], client: > > xhrFields: { > > withCredentials: true > > }, > > > The combination of these two isn't allowed: give a specific origin. * > isn't allowed in combination with withCredentials. > > Aria > -- Job board: http://jobs.nodejs.org/ New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/257b46c7-e605-425b-b76a-14d7a68abab0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
