Last week I had several issues come up regarding CORS in a couple of Customer Web Connection REST applications. One issue is that Apple has somewhat recently changed browser requirements for CORS and no longer allows the use of * for Access-Control-Allow-Origin: * and any other of the header values, which as it turns out breaks services on iOS-based devices and in Safari on the Mac.
As a result I reviewed the way Web Connection provides its default CORS implementation, which has been... uh, overly simplistic. As a result I've made some changes to the way the REST templates are generated, and if you're using REST services that are getting called cross-domain from Web browsers, you should definitely read this post, which reviews how CORS works and provides a much more comprehensive default CORS implementation that handles the new rules as well as returns CORS headers only when it's really needed.
Check it out,
+++ Rick ---
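
The two rules mentioned in the post above (no * values, and CORS headers only when they are needed) sketched as a framework-neutral JavaScript function. This is an added example, not Web Connection's implementation or code from the linked post; the allowlist, the origins, the credentialed-request assumption and the name corsResponse are all constructed for illustration.

```javascript
// Constructed allowlist: placeholder origins, not values from the post.
const ALLOWED_ORIGINS = new Set(["https://app.example.com", "https://admin.example.com"]);
const ALLOWED_METHODS = ["GET", "POST", "PUT", "DELETE"];
const ALLOWED_HEADERS = ["content-type", "authorization"];

// Returns { status, headers } for the CORS part of a response.
// status is null when the request should continue to the normal handler.
function corsResponse(method, requestHeaders) {
  // Header names are case-insensitive, so normalize them once.
  const h = {};
  for (const [k, v] of Object.entries(requestHeaders)) h[k.toLowerCase()] = v;

  const origin = h["origin"];
  // No Origin header: not a cross-origin browser request, add nothing.
  if (!origin) return { status: null, headers: {} };
  // Unknown origin: no Allow-* headers, so the browser blocks the read.
  if (!ALLOWED_ORIGINS.has(origin)) return { status: null, headers: { "Vary": "Origin" } };

  const headers = {
    "Access-Control-Allow-Origin": origin,      // exact origin, never "*"
    "Access-Control-Allow-Credentials": "true", // assumes cookies/auth are used
    "Vary": "Origin",                           // keep caches from mixing origins
  };

  const isPreflight = method === "OPTIONS" && "access-control-request-method" in h;
  if (!isPreflight) return { status: null, headers };

  // Preflight: answer with explicit lists, again without wildcards.
  const wantedMethod = h["access-control-request-method"].toUpperCase();
  const wantedHeaders = (h["access-control-request-headers"] || "")
    .split(",").map(s => s.trim().toLowerCase()).filter(Boolean);
  const ok = ALLOWED_METHODS.includes(wantedMethod) &&
    wantedHeaders.every(name => ALLOWED_HEADERS.includes(name));
  if (!ok) return { status: 403, headers: { "Vary": "Origin" } };

  headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
  headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
  headers["Access-Control-Max-Age"] = "600";
  return { status: 204, headers };
}
```

A status of null means the caller merges the returned headers into its normal response; 204 and 403 are complete answers to a preflight.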
