Enable CORS for ColdFusion Services

Just a quick tip. CORS is a way to allow remote JavaScript clients to use your fancy APIs. Only the best APIs support it now, but usage is growing. For a good introduction to the topic, see Brian Rinaldi’s excellent blog post here: Getting HTML5 Ready – CORS. Enabling CORS may be done at the web server level, but if you don’t have access to that, or if you want to specifically provide access to one particular CFC file (or method), here is how you can do it.

I’ve got a CFC with 2 simple methods. Don’t worry about what they do – they are just samples. To allow for CORS, you can add one simple header to your code. Unfortunately, you can’t do cfheader in script-based CFCs. Therefore I made a new file, head.cfm, with one line:

Obviously if you use tag-based CFCs this won’t be a problem. Also note you can move that include (or the tag) into a method to enable CORS only for some methods and not others.

Hope this helps!