I was just wondering if anyone has successfully accomplished a CORS via AJaX by setting the "Access-Control-Allow-Origin" header to either wildcard (*) or FQDN (www.anothersite.com)?
I found a claim that I can use a CFHEADER tag to set the Access-Control-Allow-Origin and complete a cross-origin request. I was just wondering if anyone else has successfully done the same thing (regardless of server-side language).
^ _ ^
I've done this in .NET. I would assume it would also work in CF, but don't remember testing it recently.
Dave Watts, Fig Leaf Software
I don't know what I'm doing incorrectly, but I can't get it to work. Looking at the header info, it still shows my staging FQDN as the origin, and nothing about Access-Control-Allow-Origin is present (viewing in DevTools.)
Is it possible that a webserver can be set so that a CF server cannot alter the header in question?
^ _ ^
Welp.. I found my answer. "DENY". Webserver is set to disallow, so even including the special header "Access-Control-Allow-Origin" will not work.
My job can sometimes be like herding cats.
^ _ ^