Solved! Go to Solution.
You can definitely use CORS at 10.0 but you need to configure it yourself, which is straightforward. I use and refer people to http://enable-cors.org/ for steps on how to do this.
Once they enable CORS for their server they can use services on internal servers on CORS-enabled browsers (FF, Chrome, Safari).
Note that if they're planning to move to 10.1 or 10.2, those versions have CORS enabled by default.
Also, I noticed they mentioned that they have CORS enabled on both their test and production servers. However the screenshot indicates the rest/info request failed. If CORS is enabled, this request would have succeeded.
One other thing to check is if they're using self-signed certificates for their server. Browsers disallow ajax requests to such servers. To prevent this, they need to open the server's services directory in a separate tab and add a security exception. Another solution is to install a proper Verisign signed certificate. From the two failed requests (rest/info and the next one) in the screenshot, it seems to me that they may indeed have self-signed certificate.
You can definitely use CORS at 10.0 but you need to configure it yourself, which is straightforward. I use and refer people to http://enable-cors.org/ for steps on how to do this.
Once they enable CORS for their server they can use services on internal servers on CORS-enabled browsers (FF, Chrome, Safari).
Note that if they're planning to move to 10.1 or 10.2, those versions have CORS enabled by default.
Also, I noticed they mentioned that they have CORS enabled on both their test and production servers. However the screenshot indicates the rest/info request failed. If CORS is enabled, this request would have succeeded.
One other thing to check is if they're using self-signed certificates for their server. Browsers disallow ajax requests to such servers. To prevent this, they need to open the server's services directory in a separate tab and add a security exception. Another solution is to install a proper Verisign signed certificate. From the two failed requests (rest/info and the next one) in the screenshot, it seems to me that they may indeed have self-signed certificate.