REST Service Issue

I've seen that error when you use http for the call but the service is expecting https. Also, I've seen it when a "GET" is being requested when the service expects a "POST" or something.

Can you post your JS where you're calling the service?

    $.ajax({
        url:
            'http://www.hangoutdoors.com/rest/content/site/hod/en-us/childrenof/places/usa/michigan/parks',
        type: 'GET',
        success: function () { alert('success!'); },
        error: function () { alert('Error!'); },
        xhrFields: {
            withCredentials: true
        },
        contentType: "application/json",
        beforeSend: function (xhr) {
            xhr.setRequestHeader('Authorization', 'Basic ' + btoa('myusername:mypassword'));
        }

});

I think it may be a CORS issue.

http://www.dotnet-tricks.com/Tutorial/wcf/X8QN260412-Calling-Cross-Domain-WCF-Service-using-Jquery.html

Is your JS run from a page on the same domain as the REST service?

Also, you may try changing your contentType to "text/plain".

https://supportforums.blackberry.com/t5/Web-and-WebWorks-Development/WCF-webservice-calling-from-Jquery-ajax/m-p/2716149#M42305

JS is not run from the same domain. For example it could be a mobile phone or a simulator. Would CORS only affect the JS call? As I mentioned when I set up the call from c# behind an .aspx page it works like a charm.

I guess I was looking for something a bit more turn-key from Kentico. If I want to hook up any mobile application that just uses JS, it appears that the Kentico REST service doesn't work. I will explore the links you posted.

Hi Charles,

This is actually a browser feature, I believe, that prevents AJAX requests cross domains.

However, if you are aware of where these requests are being made from, you can probably add the Access-Control-Allow-Origin custom header to your IIS.

Have a look at http://devnet.kentico.com/questions/how-to-add-access-control-allow-origin-header-in-rest-api-response

Hope it helps,

Cheers, P.

Pedro,

Thanks. Although If I am building javascript applications and using PhoneGap/Cordova to package, then I will never be aware of where the requests are coming from.

Also, I am running it in Azure as a Web Application. Any other thoughts would be greatly appreciated.

When I have built my own services, I just use [Enable-Cors], etc. and I am good to go. Not really sure where to do this in Kentico. I have considered just building my own service and calling API in my code of Kentico, but it seems a bit much since Kentico has its own REST available.

You could probably use this technique - http://stackoverflow.com/a/7454204 (pardon the PHP) to set the header on one of Kentico's Global Events.

Please note that this will basically go around any CORS checks, which IMO is really, really wrong! You should only allow authorized consumers to access your data, so I'd probably maintain a list of allowed origins somewhere that I would check for before setting the response header.

Ah, http://enable-cors.org/server_iis7.html you can actually use the * value in it.

Pedro, I do agree with you, but when you are building mobile and consuming Kentico rest service using JavaScript, you don't have many options on keeping track of origins.

I'm still not sure you would need to wildcard. By building mobile, do you mean a hybrid HTML/JS app that runs on top of a browser? Wouldn't you still know what domain renders/uses the AJAX calls?

Apologies if I'm missing the point, if you'd like to elaborate, I'd be happy to help.

Cheers, P.