How to set webservice response headers

Hi all,

I’m trying to set a specific HTTP header (Access-Control-Allow-Origin) on HTTP responses to be emitted by a SmartApp - cannot find how to do it - any hints?

Best regards,

Hi @giancarlobonans ,
Did you ever found the answer?

I’m also getting ACAO response from a get on the endpoints

The ST documentation doesn’t refer to CORS at all.

This is an example of setting headers. I don’t know if access control works the same way:

def map = [
    		uri: appSettings.apiPath, 
    		body: data, 
    		headers : ["x-http-method-override" : "PATCH"]
    	httpPostJson(map) {    "posted"      


I can’t even get this far. I’m querying the endpoints endpoint (yes, that’s intentional), not calling one of the endpoints.

You probably won’t be able to do that client side. This has to be done on a server…

It really shouldn’t matter from where the call originates, as long as I have the token. But thanks to ST over-reaction on security, this has become a total PITA. For the love of all that is good, token flow is good enough. Do away with code flow.

I also have this problem. I just want to test my webservice with ajax call from my html page, but I can’t . I have to call a proxy that forwards my request to ST.
At least during development we should be able to enable CORS on our web services responses.
If anyone found any solution to this please share.