Menu
How it is possible to add Access-Control-Allow-Origin: * header to all responses (in particular, I am interested for static files under /public/) in Meteor? I would need this so that external web apps can access data provides by my Meteor app. More information about enabling CORS is here.
406
Enable CORS support on a REST API resourceSign in to the API Gateway console at https://console.aws.amazon.com/apigateway . Choose the API from the APIs list. Choose a resource under Resources. This will enable CORS for all the methods on the resource.
Open a network tab in your console. In the response header look for the Access-Control-Allow-Origin header. If it does not exist then add it as a middleware in the way we discussed above. If it does exist then make sure there is no URL mismatch with the website.
Here is a little snippet I wrote. You can use as an example in how to access meteor's core connect and modify headers, also a pretty good drop-in for every meteor project:
/**
* HTTP Header Security
*
* enforce HTTP Strict Transport Security (HSTS) to prevent ManInTheMiddle-attacks
* on supported browsers (all but IE)
* > http://www.html5rocks.com/en/tutorials/security/transport-layer-security
*
* @header Strict-Transport-Security: max-age=2592000; includeSubDomains
*/
var connectHandler = WebApp.connectHandlers; // get meteor-core's connect-implementation
// attach connect-style middleware for response header injection
Meteor.startup(function () {
connectHandler.use(function (req, res, next) {
res.setHeader('Strict-Transport-Security', 'max-age=2592000; includeSubDomains'); // 2592000s / 30 days
return next();
})
})
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
