There are two reasons to use this feature of Bancha. Either you want to package your application for mobile devices, or you want to provide your CakePHP application on a domain different from your Ext JS/Sencha Touch app.


Define the CakePHP Domain

First you have to define the domain where your CakePHP application is hosted. Please set the following config in your core.php

Configure::write('Bancha.Api.domain', '');


Configuring the Access Control

Browsers by default enforce the Same-Origin-Policy. This means that your browser forces you to provide the CakePHP application and your Ext JS/Sencha Touch application in the same domain. This behavior can be augmented by setting CORS (Cross-Origin Resource Sharing) headers.

This is a pretty complex topic, but Bancha will keep it simple. You have two options to set these headers:

A. Use the .htaccess file

This option is only recommended if you want to allow access from all domains. Then you can add the following to your .htaccess:

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Methods: "POST, OPTIONS"
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type"
Header set Access-Control-Max-Age: 3600 </IfModule>

B. Use the Bancha config Bancha.allowedDomains

This solution is as simple as the above one, but additionally enforces that the origin domains match on of the defined ones, before executing any requests.

Simply set the config either to '*' (allows all domains) or to an array of allowed domains:

Configure::write('Bancha.allowedDomains', array(



Currently Bancha expects the browser to send the HTTP_ORIGIN header if the Bancha.allowedDomains config is active. Sadly some browsers can't be relied on sending this not-yet-standard header. This will be no problem if you are running a mobile app, but might be a probelm if you are running inside browsers and don't have Bancha.allowedDomains set to *. If you run into any problems, please contact us.

Further Reading


Add a comment