Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
CF: Using "Access-Control-Allow-Origin" header in ColdFusion CFScript #snippet
component {
boolean function onRequestStart( required string targetPage ) {
var headers = getHttpRequestData().headers;
var origin = '';
var PC = getpagecontext().getresponse();
// Find the Origin of the request
if( structKeyExists( headers, 'Origin' ) ) {
origin = headers['Origin'];
// If the Origin is okay, then echo it back, otherwise leave out the header key
if( listFindNoCase( ',', origin ) {
PC.setHeader( 'Access-Control-Allow-Origin', origin );
// Only allow GET requests
PC.setHeader( 'Access-Control-Allow-Methods', 'GET' );
return true;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.