Cross Domain

8 posts, 0 answers
  1. Nic
    Nic avatar
    1 posts
    Member since:
    Apr 2012

    Posted 18 Jun 2012 Link to this post


    I am trying to use the Kendo Upload control to post my file to a web server on a different domain.  Ultimately I intend to host my front end as pure html and my API which is built on ASP.Net on different servers.

    For my API I have added the below headers which works fine for JSON requests however the Upload component is failing with the following error

    XMLHttpRequest cannot load Origin http://localhost is not allowed by Access-Control-Allow-Origin.

    I have tested the component on the same server as the upload script and I can confirm that it works perfectly.

    .Current.Response.AddHeader("Access-Control-Allow-Origin", "*");
    if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
                    HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST");                HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers","Content-Type, Accept");

    Is it possible to do cross domain posts with Upload?

    Kind regards,


  2. Johsua
    Johsua avatar
    2 posts
    Member since:
    Feb 2012

    Posted 16 Jul 2012 Link to this post

    Kendoui folks,
    No reply to this question? i am also working with the upload widget and need to do a cross domain/ origin call. how do we go about this.
  3. Doug
    Doug avatar
    18 posts
    Member since:
    Feb 2011

    Posted 17 Jul 2012 Link to this post

    I, too, am running into this issue, and it's really even just me testing localhost.  I am working on my laptop doing the front-end (javascript/html only) and my receiving server is my SharePoint VM (which shows up as cross-domain).  Please provide an answer if possible.
  4. Doug
    Doug avatar
    18 posts
    Member since:
    Feb 2011

    Posted 17 Jul 2012 Link to this post

    Hmm...I realized that, in our production environment, I am going to be encountering this issue since the front end and the receiving end are going to be on two separate servers in disparate datacenters.  So I am going to start digging into what to do with this, but any help would definitely be appreciated since this is no longer just a localhost issue.
  5. T. Tsonev
    T. Tsonev avatar
    2834 posts

    Posted 18 Jul 2012 Link to this post


    The Upload can send files to another domain, but some caveats. This requires File API browser supports and a server that will accept CORS requests. The first requirement rules out IE, Opera and old versions of FF. Thus, the approach is not really viable.

    The only reliable way is to use a server-side proxy.

    I hope this helps.

    All the best,
    Tsvetomir Tsonev
    the Telerik team
    Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
  6. Doug
    Doug avatar
    18 posts
    Member since:
    Feb 2011

    Posted 18 Jul 2012 Link to this post

    AH!  That makes it all make sense.  It was good news in my case since we have a very progressive environment to work in.  I got it to work and I'll detail how.

    1.  The scenario is we have a custom page used to upload and archive documents in a SharePoint document library.

    1.  We use a LOT of application pages in SharePoint as "standalone" internal applications.  Luckily, we have standardized on Chrome as our internal browser of choice.  We only deal with IE when dealing with customers.  Also, I have admin access to our SharePoint environments (including server-level logon capacity).  So it means that, for this scenario, I'm in the best possible situation.

    2.  I created a SharePoint application page to be the server-side receiver for the uploader.  I receive the file, do the work, and then use JSON.NET to serialize a return object.  To allow the Kendo uploader to work, I flush the response and write my own:

    HttpContext.Current.Response.ContentType = "application/json";
    HttpContext.Current.Response.AppendHeader("Access-Control-Allow-Credentials", "true");
    if (Request.UrlReferrer != null)
        HttpContext.Current.Response.AppendHeader("Access-Control-Allow-Origin", Request.UrlReferrer.Scheme + "://" + Request.UrlReferrer.Authority);
    HttpContext.Current.Response.AppendHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS");

    3.  The Kendo uploader gracefully falls out of the OPTIONS method and falls back to POST.  Since we use WebDAV, I'm not going to mess with the OPTIONS verb as that tends to conflict and do weird things to WebDAV if you're not careful (especially if you're in the _layouts folder).  So I just let it fall back to POST.  The only thing I lost doing it that was the built-in support for the progress bar.  This was negligible to me as the built-in spinner works just fine.

    Also, I had to specify the url referrer in headers because, in SharePoint, you cannot keep allow credentials set to true in the header and have an "*" as the allow origin.  As this is a completely internal application and there would be multiple applications using this proxy, I just got the request referrer so that each request would add itself to the allow origin header.  Not the best security model, but, again, this is completely internal.

    The same thing could also be accomplished by editing the web.config, but I hate messing with SharePoint's web.config if I don't need to.  It could be done like this (IIS7):

    <?xml version="1.0" encoding="utf-8"?>
           <add name="Access-Control-Allow-Origin" value="*" />

    In any case, Tsvetomir's response got us where we needed to be.  Granted, if we had to deal with IE, it would be less forgiving.  But, if you're in a good boat, this should work for you. 

  7. Daniël
    Daniël avatar
    9 posts
    Member since:
    Sep 2012

    Posted 06 Jun 2016 Link to this post

    the anwer to this question is old, 2012, are there new ways to tackle this in the 2016 version of Kendo UI?


    The reqwest library ( enables me to do the requests to my web api (on a subdomain with CORS enabled for the main domain), so Kendo UI could in theory do the same

  8. Dimiter Madjarov
    Dimiter Madjarov avatar
    2312 posts

    Posted 08 Jun 2016 Link to this post

    Hello Daniël,

    We covered the question in the support thread on the same topic.

    Dimiter Madjarov
    Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
Back to Top