Jesse,
I had to dig in the past to find out where I had this situation to handle.
There are few http headers to add on the server where the function are called.
Access-Control-Allow-Origin: origin addresses allowed to call the functions //
Access-Control-Allow-Credentials: true // if you need
Right, so CORS is basically a browser thing and thus my command line or mobile
app requests have all worked
So, I added in my virtual host apache configuration
Header set Access-Control-Allow-Origin "*"
But I’m not sure that’s allowing the headers through still?
Imagine a node.js
Hi Jesee,
If your queries are crossing origins, you need to add CORS headers in your
responses or on your server configuration.
Those includes rules for allowed cookies and headers.
I do not think they are required for same origin requests but this may be
something added lately.
Regards,
I have relied on passing auth keys in headers from mobile apps and scripts.
I can even stuff a header into a curl statement
curl -H "Authorization: MY_PRIVATE_KEY"
In WO I can simply ask
request().headerForKey("Authorization”);
And I get that key, always works as I’d expect