Implement sending "Allow Cross Origin Header"

[ElToberino]

I'm running the API on an Raspberry PI B, whose only purpose is sending data of currently playing media and active devices to requesting clients (ESPs e.g.). This works really fine, but I faced a problem, which makes my kind of usage a little cumbersome: Calling the API via "fetch" request directly from a browser located on another device in my network doesn't work - the browser denies it because it's a cross origin request.

So would it be possible to add a " Access-Control-Allow-Origin: * " header to the API answers? This would be great and it would be much easier to handle the API if you want to use just a browser - located somewhere in your network. I don't think this could be a security issue because the API itself is intendend to be used only in safe private networks.

If you don't want do implement this line, could you please tell me, how and where I could change this myself ? I'm firm with ESPs; Arduinos etc. but don't have a deeper knowldege of node.js.

Thanks a lot and best regards!

EDIT: LoL, I found it out and this is quite simple. Open the file api.js and just add the following code snippet between line 25 and 26:

webserver.use(function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*");
 res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
 next();
});

Have fun and best regards!