Hi all - I’m new to CDF.
I’d like to call CDF from JavaScript running in a browser using a bearer token as authentication.
This request works fine when made from a tool such as Postman, but when the same call is made from JavaScript running in a browser using the same URL and bearer token, the browser’s CORS policy blocks the request because CDF has not responded to the preflight OPTIONS
request with the HTTP header Access-Control-Allow-Credentials: true
Apart from this, CDF is correctly sending out all the other HTTP headers needed to satisfy the browser’s CORS policy such as
Access-Control-Allow-Headers
Access-Control-Allow-MethodsAccess-Control-Allow-Origin
Access-Control-Expose-Headers
Access-Control-Max-Age
Where do I configure CDF to respond with this additional HTTP header?
Thanks