Today, I was playing with GeoNames webservices. But something was painful.

As you may know, if you want to do a request from your website to another domain, you have to use some ugly hacks to make your XHR working, due to security concerns.

For some services, this does not make sense, as they want to be reachable from everywhere. You can open your webservices to all or part of the web: HTTP access control.

I've sent an email to the GeoNames team. They've added a new HTTP header:

Access-Control-Allow-Origin: *

And now it works :) I can use my XHR without any ugly hacks.

(Thank you so much Marc).

Some homework for you guys today:

  • if you are a developer of a webservice, consider allowing Cross-XHR;
  • if you use a webservice, contact the author, talk to them about that they can open their webservices.