CORS - noi-techpark/documentation GitHub Wiki
Cross-origin resource sharing (CORS)
Some thoughts about security
Testing whether CORS is enabled on your web-service
Testing a simple request:
curl -H "Origin: http://example.com" \
-X OPTIONS --verbose http://localhost:8090/your_api/your_method
Testing a pre-flight request:
curl -H "Origin: http://example.com" \
-H "Access-Control-Request-Method: POST" \
-H "Access-Control-Request-Headers: X-Requested-With" \
-X OPTIONS --verbose http://localhost:8090/your_api/your_method
If that request returns
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
you're all set.