Cross-Origin Request Headers

[clee231]

We may need to send specific headers to allow request headers. Mac was experiencing this issue below yesterday.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https:///api/events. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

This is more of a browser policy. Mac hosted the front-end application on his own website, which may actually be the cause for this error.

[ezalenski]

I don't think we want to allow this, I believe this is a security issue and stops people from randomly signing in with POST requests. I think the solution is to have the same domain host the front-end.