we are building web app that speaks directly with Progress REST (11.5).
For XMLHttpRequests we have to enable CORS (as application running on the different domain). Out rest supply links to static content that reside in the same as web application with REST.
So when web browser tries to to download images using
it fails as browser doesn't treat this request as cross-origin but server expects Origin header for each request.
Can we configure the web server to make it work?
Is this correct CORS implementation that any request requires Origin header?
As far as I know, CORS always requires the Origin header (www.w3.org/.../cors).
As for the static images, a quick Google search came up with the following:
I hope this helps.
As far as I understand CORS is protocol that developed for user-agents (web browsers). And browsers requires web server to support CORS in order to make cross domain requests.
And Origin is sort of flag for web server that indicates CORS request.
So it is very strange that with enabled CORS in Progress Tomcat you can't make any requests without Origin. As I it quite easy to find allowed domain for the CORS.
What I'm trying to say if I have program REST client then I don't need to implement CORS protocol I just need to send Origin header which doesn't make any sense to me.
But from web browser you can't neither set Origin or make cross domain without Origin header.