On 13 October 2015 at 15:39, David Burstin <[email protected]> wrote: > My response headers don't have "Access-Control-Allow-Origin". Any ideas > why? (I am about to hit google)
On 13 October 2015 at 16:11, Thomas Koster <[email protected]> wrote: > Are you using a proxy, firewall or browser plugin that is removing them? > If you suspect this, try HTTPS (although a browser plugin can still bite > you). On 13 October 2015 at 16:15, David Burstin <[email protected]> wrote: > Thanks Thomas. Definitely not a plugin, possibly a proxy or firewall issue. > I will talk to the guys here who know more about this than me. At first, looking at your screenshot, I didn't think that a proxy or firewall was removing headers because outgoing headers look fine and rubbish headers like "X-Powered-By" did make it through. (Why include "X-Powered-By" on a whitelist but not CORS headers?!). But then I noticed that "X-AspNet-Version" is also missing from your screenshot... -- Thomas Koster
