public static RulesOption("Force CORS")
var m_ForceCORS: boolean = true;
// If it's an OPTIONS request, fake the response and return w/e the client expects.
if (m_ForceCORS && oSession.oRequest.headers.HTTPMethod == "OPTIONS") {
oSession.utilCreateResponseAndBypassServer();
oSession.oResponse.headers.Add("Access-Control-AllowOrigin", oSession.oRequest.headers["Origin"]);
oSession.oResponse.headers.Add("Access-Control-AllowMethods", "GET, POST, PUT, DELETE, OPTIONS");
oSession.oResponse.headers.Add("Access-Control-AllowHeaders", "Content-Type, SOAPAction, Authorization, Accept, Csrf-Token, X-Requested-With, cloudSession, WbeSession, Cookie");
oSession.oResponse.headers.Add("Access-Control-MaxAge", "1728000");
oSession.oResponse.headers.Add("Access-Control-AllowCredentials", "true");
oSession.responseCode = 200;
}
// Also add the headers to any real response with an "Origin:" header set
if (m_ForceCORS && oSession.oRequest.headers.Exists("Origin")) {
oSession.oResponse.headers.Remove("Access-ControlAllow-Origin");
oSession.oResponse.headers.Add("Access-Control-AllowOrigin", oSession.oRequest.headers["Origin"]) ;
oSession.oResponse.headers.Remove("Access-ControlAllow-Methods");
oSession.oResponse.headers.Add("Access-Control-AllowMethods", "GET, POST, PUT, DELETE, OPTIONS");
oSession.oResponse.headers.Remove("Access-ControlAllow-Headers");
oSession.oResponse.headers.Add("Access-Control-AllowHeaders", "Content-Type, SOAPAction, Authorization, Accept, Csrf-Token, X-Requested-With, cloudSession, WbeSession, Cookie");
oSession.oResponse.headers.Remove("Access-Control-MaxAge");
oSession.oResponse.headers.Add("Access-Control-MaxAge", "1728000");
oSession.oResponse.headers.Remove("Access-ControlAllow-Credentials");
oSession.oResponse.headers.Add("Access-Control-AllowCredentials", "true");
}
Please click here for contact information.