cross domain

response.setHeader("Access-Control-Allow-Origin","*");

response.setHeader("Access-Control-Allow-Headers","X-Requested-With");