To test this policy, a simple web page can be created as follows:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>Simple use of Cross-Site XMLHttpRequest (Using Access Control)</title> <script type="text/javascript"> var invocation = new XMLHttpRequest(); var url = 'http://xxxxx.compute.oraclecloud.com:8001/catalogue/artists? limit=1&country=GB&name=Frankie&api-key=05554de2-a17f-4822-a6be- 1330f9540780';
function callOtherDomain(){ invocation.open('GET', url, true); invocation.onreadystatechange = handler; invocation.send(); } function ...