rknell
commented
11 months ago Hey,
Ok so I had a look at the situation and it looks like we need to detect the domain the request is coming from and add a header if it's allowed.
https://stackoverflow.com/questions/1653308/access-control-allow-origin-multiple-origin-domains
The expressjs example is what i envision implementing, but might make it a comma separated list which is split to keep the api consistent.
i can probaby have an update in a week or two depending in schedule, but will happily accept a pull request if you want to dig in sooner.
the code would be in here: https://github.com/rknell/alfred/blob/master/lib/src/middleware/cors.dart
app.all( '*', cors( origin: 'http://localhost:3333', methods: 'POST, GET, OPTIONS, PUT, DELETE', headers: "Origin, X-Requested-With, Content-Type, Accept, Authorization", ));