In async.js at the position of withCredentials=true set to false and put this in your httpd.conf: # Always set these headers.Header always set Access-Control-Allow-Origin "*"Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"Header always set Access-Control-Max-Age "1000"Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"