So you’ve followed Oracle’s lead and started implementing REST services in Oracle Service Bus. But you very quickly run into a problem, how do I get my webpages to access these services via Ajax when they are hosted on different domains (or ports). This is generally forbidden in most browsers (as it violates the ‘same origin policy’, ie: you can only access resources in the same domain as you). The most common recommendation to resolve this issue is to enable CORS (Cross Origin Resource Sharing). Basically you just set a header in the response from the remote service that lists the domains that are allowed to request from this resource. If the web page is in that list the browser will allow the resource to be accessed.
Getting this to work in OSB is actually pretty easy and will mean that your OSB services don’t have to be on the same domain as your web pages. Read on to find out how.
To enable CORS we just have to set the ‘Access-Control-Allow-Origin’ header in our response. To do this simply add a ‘Transport Header’ component to the response branch of your routing section
Click the Transport Header and in the properties window click the ‘+’ button to add a new header. Name it ‘Access-Control-Allow-Origin’ (it’s not in the list, but OSB will let you set a custom name) and set the value to ‘*’
Note: You should probably set the value to list of actual domains that you want to allow, otherwise any system will be able to allowed to access the resource.
With that you can now access your REST service from a web page running on another domain.