Cross origin javascript client

Hello. I have a javascript client located on iis server. everything goes fine but on click  button that sends a request to my server always got the error policy cross origin fails or empty response.

On my server i have the configuration SendCrossOriginHeader on true.

am i missing some thing?

thanks in advance

This can be pretty much anything. Try to debug the client-server interaction with Fiddler or similar tool to find out what’s going wrong.

I did the test with fiddler. There is a request like… The result is: The server did not return a complete response for this request. Server returned 0 bytes

th ip is right and active (server).

Sorry maybe is not yet enough information.

by the way the indy version is 9

thanks again.

ROD servers accepts by default POST method only.
if you server should accept GET method, you can use OnCustomResponseEvent event as shown in Using OnCustomResponseEvent in a ROSDK Server snippets

Hello, thanks for the answer. My application do not need Get method in fact the fiddler tool show POST method and the response is: XmlHttpRequest cannot load…Response to preflight request doesn´t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin is therefore not allowed access. The response had Http status code 502. This message was captured on google chrome dev tool.

The configuration of the web.config into the iis application has the CORS header enable.


that server type is used on server-side? TROIndyHTTPServer or TROWebBrokerServer?

is TROIndyHTTPServer.


can you confirm that TROIndyHTTPServer.SendCrossOriginHeader is set to true ?

Hello. Yes the property is set to true.

I did check too the code and the property is never changed.


can you set breakpoint at uROBaseHTTPServer.pas

procedure TROBaseHTTPServer.ProcessRequest(const aTransport: IROHTTPTransportEx;
  const aRequestStream: TStream; out aResponseStream: TROBinaryMemoryStream;
  const aResponse: IROHTTPResponse);

    DoCORSSupport(aTransport,aResponse);  // <<<<<<<<<<<< here

and confirm that it sets Access-Control-Allow-Origin header?

Ok. This is how i am trying to operate according to my needs. I have two web applications, both of them conected to the same server application (delphi).

First one. In this app, my server serves the html pages and it loads the javascript files referenced into the head of them. Into these js files are the logic to connect to the same server. In this scenario everything goes fine and the header Access-Control-Allow-Origin is true and right.

Second. In this app, i have an IIS server that receive the request of the html pages and it loads the javscript files from here too. So when the javascript logic sends a request to my server app, the response fails. the event “ProcessRequest” is never fired in this scenario.

I checked the trafic with fiddler tool, the request is send to the right ip in fact if i copy paste this http request to a new browser page on the same PC, the server responds and the event “ProcessRequest” is fired but not when javascript sends the same.

Sorry if i am doing something wrong, i really need help.

thanks in advance

Fiddler can save network exchange data.
Could you please do the following:

  • Start fiddler
  • Load your app in the browser
  • Press Ctrl+X to clear the log
  • Press the failing button
  • In Fiddler, go to File -> Save -> All Sessions

And then send the log file to us (via support@, please do not attach it to the talk message)

Ok, the log has been send.

thank you very much

Can you specify what Indy and Delphi version you are using?
if you replaced TROIndyHTTPServer with TROIpHTTPServer, would it work?

Hello. The indy Version is 9.00.10 and Delphi7.

I can not see the TROIpHTTPServer into the RemObjects toolbar.

I think i can implement another component but just if my other projects keep working without changes to make (deep changes). My question is Is not posible my scenario to work in this way?



According to the Fiddler log the issue is that there is no answer at all to the OPTIONS request (ie the preflight CORS check).

So either the server URL or port is not accessible from the client at all or there is something wrong with the server channel so it doesn’t respond to the CORS request.

yes i see that, but if i put the url ( into a browser on the same machine, the server responds. Only fails the response when i make it from javascript library loaded from IIS server. why is that?

with the right port:


jejeje my fingers play me a bad time.