Last week I had several issues come up regarding CORS in a couple of Customer Web Connection REST applications. One issue is that Apple has somewhat recently changed browser requirements for CORS and no longer allows the use of * for Access-Control-Allow-Origin: * and any other of the header values, which as it turns out breaks services on iOS-based devices and in Safari on the Mac.
As a result I reviewed the way Web Connection provides its default CORS implementation which has been... uh overly simplistic. As a result I've made some changes to the way the REST templates are generated and if you're using REST services that are getting called cross-domain from Web browsers, you should definitely read this post which reviews how CORS works and provides a much more comprehensive default CORS implementation that handles the new rules as well as returns CORS headers only when it's really needed.
Check it out,
+++ Rick ---
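The behaviour described in the post above (explicit values instead of `*`, and CORS headers returned only when the request needs them), as an added Python example; it is not Web Connection's implementation or code from the linked post. The origin allowlist, the method and header lists, and the name `cors_headers` are assumptions made for illustration.

```python
# Constructed sample policy (assumption): replace with your real front-end origins.
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}
ALLOWED_METHODS = ("GET", "POST", "PUT", "DELETE", "OPTIONS")
ALLOWED_HEADERS = ("content-type", "authorization")


def cors_headers(method, request_headers):
    """Return the CORS response headers for one request, or {} when none apply."""
    h = {k.lower(): v for k, v in request_headers.items()}
    origin = h.get("origin")

    # No Origin header: not a CORS request, so emit nothing.
    if origin is None:
        return {}
    # Origin not on the allowlist: emit nothing, so the browser refuses
    # to hand the response to the calling script.
    if origin not in ALLOWED_ORIGINS:
        return {}

    # Echo the validated origin instead of "*". Vary: Origin keeps caches
    # from serving one origin's response to another.
    out = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}

    # Preflight: OPTIONS carrying Access-Control-Request-Method.
    if method.upper() == "OPTIONS" and "access-control-request-method" in h:
        wanted = [x.strip().lower()
                  for x in h.get("access-control-request-headers", "").split(",")
                  if x.strip()]
        granted = [x for x in wanted if x in ALLOWED_HEADERS]
        out["Access-Control-Allow-Methods"] = ", ".join(ALLOWED_METHODS)
        if granted:
            out["Access-Control-Allow-Headers"] = ", ".join(granted)
        out["Access-Control-Max-Age"] = "600"
    return out


if __name__ == "__main__":
    # Constructed sample preflight from an allowed origin.
    print(cors_headers("OPTIONS", {
        "Origin": "https://app.example.com",
        "Access-Control-Request-Method": "POST",
        "Access-Control-Request-Headers": "Content-Type, X-Debug",
    }))
```
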
Thanks! It's one of those things I've only ever understood at a... uh simplistic level, and I look forward to being educated. 😃
Turns out I didn't fully understand the full logistics of CORS either until recently 😄
Actually makes a lot more sense to me now although it's still a weird protocol because it only really works through Web Browser script requests - everything else doesn't really use it (although technically any client can request it).
+++ Rick ---