Enabling CORS everywhere

Question

Enabling CORS everywhere

julsraemy opened this issue 3 years ago · 1 comments

Currently, CORS headers are enabled within the info.json that SIPI delivers (access-control-allow-origin: *) but they are not enabled in images and documents in server. This is an important issue that needs to resolved.

Answer 1 · 2021-12-08T13:15:02.000Z

also, having access-control-allow-origin set to * is a problem we have run into: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSNotSupportingCredentials

Basically, access-control-allow-origin needs to always mirror the origin of the request.