Enhances Web and Mobile Capabilities with CORS Support adds CORS support is pleased to announce the introduction of support for Cross-origin Resource Sharing (CORS). This capability means that developers have even easier access to the platform from desktop and mobile browsers and other client devices.

CORS is an HTML5 feature that supports cross-domain communication across web clients and server-side domains. Without CORS, a webpage cannot access another domain, either to get data or to access a service. (Cross-domain requests are typically forbidden by web browsers under the same origin security policy.)


Why CORS Matters with the Platform

All common browsers support CORS and so adding it to the APIs means that developers can make calls to IronMQ, IronWorker, and IronCache from webpages and other JavaScripts clients in a very simple and secure manner.
(An alternative to CORS is JSONP but that’s limited in that it is restricted to GET requests which means other methods such as POST, PUT and DELETE are not available.)
The use cases for connecting mobile and desktop clients to are pretty clear. Client-side components can put messages on IronMQ, run tasks in IronWorker, or put data in IronCache without having to hit another server (and have that server hit the APIs). This greatly streamlines app development in that you can send work to the background – whether it's to execute within your own system or to push to another service.

EnableCORS website handles the scaling and execution of the tasks or the pushing of the message to another endpoint. Developers simply have to make calls to the APIs and they get production-scale message queuing, task processing, and key/value data storage. Here's an example of how you might use CORS to connect to the platform.


How CORS Works

Specifically, CORS builds on top of the XMLHttpRequest object and allows JavaScript within a webpage or mobile app to make XMLHttpRequests to other domains. The browser adds these headers, and sometimes makes additional requests, during a CORS request on behalf of the client. The server responds in kind.
Much of the complexity for CORS is handled by the browser and the server. As a client-side developer, you can access these new headers but are generally shielded from majority of the details on how CORS works. For deeper background, however, you can check out an article by Monsur Hossain on Using CORS. It shows how to configure clients to make cross-origin requests along with an example of an end-to-end request.

Browser Support

Here is a table of the various desktop and mobile browsers and the levels of support for CORS.

You can view the full table of browser versions here.

Making a CORS Request for the Platform

This section shows a simple example of how to make a cross-domain request in JavaScript to IronMQ. The project ID and OAuth token provide authentication.

  // Create the XHR object.
  function createCORSRequest(method, url) {
    var xhr = new XMLHttpRequest();, url, true);
    return xhr;
  // Insert your credentials here:
  var projectId = 'YOUR PROJECT ID';
  var queueName = 'YOUR QUEUE NAME';
  var token     = 'YOUR TOKEN';
  var url = '' + projectId + '/queues/' + queueName + '/messages?oauth='+ token;
  // create a request and set content-type header
  var xhr = createCORSRequest('POST', url);
  // missing content-type header will lead to a 406 response
  xhr.setRequestHeader("Content-Type", "application/json");
  // Parse the response in the format of a JSON string
  xhr.onload = function() {
    var text = xhr.responseText;
    var resp = JSON.parse(text)
    console.log("My message is: ", resp);
  xhr.onerror = function() {
    console.log('Woops, there was an error making the request.');
  // Stringify your JSON request body
  xhr.send(JSON.stringify({"messages":[{"body":"your message"}]}));

Similar approaches can be used for queuing up a worker or putting an item into a cache in except with different endpoints, worker/cache names, methods, and payloads.

Note: The above example is primarily intended for as a demonstration given that the project ID and token are exposed within the JavaScript code. We will be creating additional resources on how to connect in a more secure manner.

Visit the Dev Center for a complete list of API methods for the services.


IronMQ API reference


To learn more about how can help you process messages, run tasks and store key/value pairs using from desktop and mobile clients, visit today.


  1. blank Dan Weaver on October 18, 2015 at 5:31 am

    How can I queue a worker task from client-side javascript without exposing the project_id and OAuth token?

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.