Forum OpenACS Development: Disabling CORS Policy on OACS 5.10

Collapse
Posted by Iuri Sampaio on

In earlier versions, declaring a line within /acs-tcl/tcl/request-processor-procs.tcl, at [ad_http_cache_control] was enough to allow connections * and disable CORS policy. As in:

    ....
    ns_set put [ns_conn outputheaders] "Access-Control-Allow-Origin" "*"

However, it seems this proc has not been used anymore on v. 5.10.

So, how do I disable CORS policy in order to allow external connections temporarily (i.e. localhost dev environments)?

Best wishes, I

Collapse
Posted by Gustaf Neumann on
The best approach is to add it extra header information to the *_extraheaders in the NaviServer configuration file [1]. This guarantees that these header fields are used for all kind of requests.

All the best
-gn

[1] https://bitbucket.org/naviserver/naviserver/src/1ef27c7f222c443f472d9726e31fa14c28cc0e16/openacs-config.tcl#lines-93

Collapse
Posted by Iuri Sampaio on
Thanks Gustaf,
it works now!
Collapse
Posted by Max Parker on
useful information