The Geolocation REST Interface can be configured to allow requests sent from web browsers using the cross-origin resource sharing (CORS) mechanism. This is required when HTTP (or HTTPS) requests originate from a domain that is different from the domain where the Geolocation REST Interface is running.
CORS options are configured using the corsOptions block in the config.js file:
corsOptions = {
allowedOrigin: '*'
};
This behavior is disabled in the Geolocation REST Interface by default. To enable CORS, uncomment the corsOptions block and configure the options as described in this section.
The following option must be configured:
allowedOrigin: The domain or domains that are permitted to send cross-origin (CORS) requests to the Geolocation REST Interface.
To allow requests from a single domain, use a string:
corsOptions = {
allowedOrigin: 'https://www.example.com'
};
To allow requests from multiple domains, use an array:
corsOptions = {
allowedOrigin: ['https://www.example.com', 'https://www.example.net']
};
To allow requests from any domain, use a wildcard:
corsOptions = {
allowedOrigin: '*'
};
The following may also be configured:
overridePreflightReturn: For pre-flighted CORS requests using the HTTP OPTIONS verb, older browsers may have issues with the correct HTTP status code (204 No Content). Set this option to true to override this behavior to return HTTP status code 200 instead.
corsOptions = {
allowedOrigin: 'https://www.example.com',
overridePreflightReturn: true
};
This setting is not required for modern browsers. If not specified, it defaults to false.