Update: A newer version of this post has been published to the IBM Bluemix blog.
For example, if you push an application to Bluemix, the name you provide will be prepended to .mybluemix.net resulting in an address such as:
To illustrate the problem and the solution, consider the simple Ajax application here:
However, if you click the blue box, you’ll initiate a call to a different servlet on that host:
This time the Ajax call will successfully consume data from the service, because the HTTP headers allow services from a different domain to access the servlet.
"POST, GET, DELETE, PUT"
If you need to allow access to all client hostnames, replace the whitelist with a wildcard:
I used Java in this example, but the same HTTP headers apply whether you’re using Ruby, Node.js, PHP, Python or any other runtime.