-
Improvement
-
Resolution: Fixed
-
Normal
-
None
-
None
CORS means that modern browsers can use XMLHttpRequests (or, for IE, XDomainRequests) to request cross-domain data, without having to use a workaround like JSONP.
Presumably we want the webservice to be as available/usable as possible, so it seems we should probably set this up. It's just one header that should be returned on anything that's public information (so, most of the webservice):
Access-Control-Allow-Origin: "*"
for more information: http://enable-cors.org/ http://en.wikipedia.org/wiki/Cross-Origin_Resource_Sharing
- has related issue
-
MBS-8882 CORS not supported for search API (both HTTP and HTTPS)
- Closed
-
MBS-3294 clientaccesspolicy.xml and/or crossdomain.xml for Silverlight/Flash Crossdomain Calls
- Closed
-
MBS-6033 Allow CORS preflights
- Closed
- is a dependency of
-
MBS-12169 Autogenerated/interactive API documentation
- In Progress