Overview
Why Header Configuration?
Header configuration lets us control a lot, from responses to error codes and more, but in this guide we'll be talking about header config in relation to CORS. CORS usually creates a lot of problems for developers, and this is a result of poor header config. So, let's get started.
You can test your CORS Support here: http://www.test-cors.org/
You can read the specification here: https://www.w3.org/TR/cors/
Solution
Access-Control-Allow-Origin
When an app or site (siteX) tries to fetch content from your Leaf app, you can send an Access-Control-Allow-Origin response header to tell the browser that the content of this page is accessible to certain origins.
(An origin is a domain, plus a scheme and port number.) By default, your Leaf app's content isn't available to any other origin; using the Access-Control-Allow-Origin header opens a door for cross-origin access by specific requesting origins.
You can authorize siteX by adding Access-Control-Allow-Origin: siteX or you can allow all origins by adding Access-Control-Allow-Origin: *.
Access-Control-Allow-Headers
The Access-Control-Allow-Headers header is used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.
Access-Control-Allow-Methods
The Access-Control-Allow-Methods header specifies the method or methods allowed when accessing the resource. This is used in response to a preflight request. The conditions under which a request is preflighted are discussed above.
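The three headers above combined in one handler, as an added example in plain PHP (not Leaf's own API and not code from this guide): it returns the requesting origin only when that origin is on an allow-list, and adds the method and header lists on a preflight. The origins, constant names and corsHeaders() are hypothetical.

```php
<?php
// Added example: plain PHP, not Leaf's API. Origins below are placeholders.
const ALLOWED_ORIGINS = ['https://sitex.example', 'https://admin.sitex.example'];
const ALLOWED_METHODS = ['GET', 'POST', 'PUT', 'DELETE'];
const ALLOWED_HEADERS = ['Content-Type', 'Authorization'];

/**
 * Build the CORS response headers for one request.
 * An origin that is missing or not on the allow-list gets no
 * Access-Control-Allow-Origin, so the browser blocks the cross-origin read.
 */
function corsHeaders(?string $origin, string $method): array
{
    // The response differs per Origin, so caches must key on it.
    $headers = ['Vary' => 'Origin'];

    // Exact, strict match against the allow-list; the Origin value is
    // never echoed back unchecked.
    if ($origin === null || !in_array($origin, ALLOWED_ORIGINS, true)) {
        return $headers;
    }
    $headers['Access-Control-Allow-Origin'] = $origin;

    // Preflight: the browser sends OPTIONS before the actual request.
    if ($method === 'OPTIONS') {
        $headers['Access-Control-Allow-Methods'] = implode(', ', ALLOWED_METHODS);
        $headers['Access-Control-Allow-Headers'] = implode(', ', ALLOWED_HEADERS);
    }
    return $headers;
}

$origin = $_SERVER['HTTP_ORIGIN'] ?? null;
$method = $_SERVER['REQUEST_METHOD'] ?? 'GET';

foreach (corsHeaders($origin, $method) as $name => $value) {
    header("$name: $value");
}

if ($method === 'OPTIONS') {
    http_response_code(204); // a preflight response carries no body
    exit;
}
```

An allow-list is used here rather than Access-Control-Allow-Origin: * because browsers reject the wildcard on requests that carry credentials such as cookies.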