The parts

I am developing against two Pylons servers and testing locally. One server is on port 5000 and is the called server. The other is on port 7000. The l开发者_如何转开发atter creates a cookie that specifies the same domain as used by the former server. Essentially, the first server uses credentials provided by the second server to impersonate the user.

The first server expects to find an auth token (a cookie, really) in its response.environ at run time. When I authenticate on the server on port 7000 and browser to a service on port 5000, the latter server uses the cookie created by the former and the app works.

The fly in the ointment is that the first server creates an HTML5 app that uses an ajax call to the second server, and I cannot get the cookie to be included in the ajax call. I believe that Chrome (the browser we are using/requiring for HTML5 support reasons) refuses to send the cookie for cross domain reasons: going from foo.net:7000 to foo.net:5000 is considered cross domain.

Oh, and the ajax call is through jQuery.

The question

Is there any way to make an ajax call from an HTML5 app created on a port in the same domain to a server in the same domain but a different port?

What I've tried or discard out of hand

I do not believe I can use dynamic script tag insertion because I am making the call from javascript and the HTML is generated on the client at runtime from other javascript. At least, I don't think that is a desirable solution.

I don't believe Access-Control-Allow-* is applicable because I am going from client to server, not the other way.

I've seen this on jQuery and ports in ajax calls. I've seen this, too.

I know about the same-origin policy.

And this does not work.

Agree with Michael that the simplest solution is JSONP. But even in JSONP you need to configure your server such that it supports JSONP. Many Servers deny this to keep their data secure and sound. JSONP expect your server to send data in the format that can be evaluated as the valid JSON. But its not the case in every JSONP Request and response. So, just watch out for that.

The absolutely simplest solution to this is to use JSON/P. I wish there were an easier, softer way to accomplish this, but I certainly haven't found one.