Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
CF: Using "Access-Control-Allow-Origin" header in ColdFusion CFScript #snippet
component {
boolean function onRequestStart( required string targetPage ) {
var headers = getHttpRequestData().headers;
var origin = '';
var PC = getpagecontext().getresponse();
// Find the Origin of the request
if( structKeyExists( headers, 'Origin' ) ) {
origin = headers['Origin'];
}
// If the Origin is okay, then echo it back, otherwise leave out the header key
if( listFindNoCase( 'http://www.mysite.com,http://mysite.com', origin ) {
PC.setHeader( 'Access-Control-Allow-Origin', origin );
}
// Only allow GET requests
PC.setHeader( 'Access-Control-Allow-Methods', 'GET' );
return true;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.