Hi,guys,morning to all :)

I have face 1 situation, i already built an api using the rest method, and all my response data will be return in html data when i call the api, i testing on the same server using the jquery working fine, when i use on another server cant get the html data return, may i know what is the problem?my testing code(this is a normal html file) will be similar like this:

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js" type="text/javascript"></script>
<script type="text/javascript">
$(document).ready(function() {
			$.post("http://test.net", { 
            		apiKey: "blablabla",
            		loc: "Malaysia",
            		mac: "00-13-02-69-7E-09",      kw:"gender,sex,car,transport,kfc,mcd,fastfood,2000,-fdfs,-2000,-stuckbuck,-coffee",
            		format: "html",
            		ap: "cJinsO9",
            		as: "j7FjXmq"
            		}, function(data) {
			}, "html"
<div id="ad_space1" style="margin: 10px;"> </div>

my return api data similar like this(all return data in a div)

<div><p><a href=http://testing.com><img border='1' src='http://testing.com/images/5.jpg'></a></p></div>

may i know what is the problem i cant use the same testing html on another server?is that because cross site issue??thanks in advance if anyone can answer my question,cheers!

This shouldnt be a problem. Hard to guess what's wrong.

A question for you, since you built your own REST API. Have a look at this thread, always looking for more insight.

i solved the cross site problem by include

header('Access-Control-Allow-Origin: *');

in the top of the index.php of my api file, it solve the problem,

but i wonder by allow all origin to access the index.php that call the controller of the api will cause any problem on security???

Note,my api call everytime need authenticate with the api key at the database..

If you have a static key, then that can be easily intercepted and re-used.

so mean

header('Access-Control-Allow-Origin: *');

will not cause any security issue?

i think so since it allow the api file to access by all other website only,cheers,

anyway,all of my api user will have a static encrypt api key which i will need to reuse to track all activity,thanks pritaeas for your info and comment,cheers

Best Regards,