Earlier today I helped a buddy of mine who was trying to get CORS working with ColdFusion. He followed my simple tip (Enable CORS for ColdFusion Services) but it didn't work. I did some digging and this is what I found.
The first thing I did was to open up his service directly in my browser. I knew I could use Chrome's DevTools to look at the header responses from his service. This is what I saw.
See the funky crap around the Access-Control-Allow-Origin line? That was my clue. I asked him for the code and this is what I saw:
See it? The quotes around the header name and value are those funky smart quotes (they probably have a more formal name) and not "regular" quotes (compare to the name of the function above). So... yeah. They suck.
Archived Comments
Ray, i've found the same problem with <cfheader>, so i tried:
getPageContext().getResponse().setHeader( "Access-Control-Allow-Origin", "*" ) that is a good basic solution imho.
for all undocumented getpageContext() refer to:
http://www.bennadel.com/blo...
regards
Err, I'm confused. The issue with cfheader was the bad quotes. The fix was to use proper quotes.
Ray, time ago i tested an angular app working on my laptop, with an ip, fetching data from my server with another ip, using ajax, and of course i had CORS issues. i tried your solution, writing th code by hand with single and double quotes in attribute values, with no luck.
then i tested a jsonp call and getpageContext() as mentioned and all worked fine, jsonp and getPageContext().
regards
Hmm. If you can ever go back and revert to cfheader, let me know. I'd like to see it.