Forum OpenACS Development: Disabling CORS Policy on OACS 5.10

Posted by Iuri Sampaio on

In earlier versions, declaring a line within /acs-tcl/tcl/request-processor-procs.tcl, at [ad_http_cache_control] was enough to allow connections * and disable CORS policy. As in:

    ns_set put [ns_conn outputheaders] "Access-Control-Allow-Origin" "*"

However, it seems this proc has not been used anymore on v. 5.10.

So, how do I disable CORS policy in order to allow external connections temporarily (i.e. localhost dev environments)?

Best wishes, I

Posted by Gustaf Neumann on
The best approach is to add it extra header information to the *_extraheaders in the NaviServer configuration file [1]. This guarantees that these header fields are used for all kind of requests.

All the best


Posted by Iuri Sampaio on
Thanks Gustaf,
it works now!
Posted by Max Parker on
useful information