I have a simple actionmethod, that returns some json. It runs on ajax.example.com. I need to access this from another site someothersite.com.
If I try to call it, I get the expected…:
Origin http://someothersite.com is not allowed by Access-Control-Allow-Origin.
I know of two ways to get around this: JSONP and creating a custom HttpHandler to
set the header.
Is there no simpler way?
Is it not possible for a simple action to either define a list of allowed origins – or simple allow everyone? Maybe an action filter?
Optimal would be…:
return json(mydata, JsonBehaviour.IDontCareWhoAccessesMe);