Is it possible to set Access-Control-Allow-Origin to the IP of the client making the request instead of “" (not hard-coded to a specific IP, but set dynamically depending on the IP of the client)? We’re looking into using a load balancer which utilizes sticky sessions with cookies, and CORS doesn’t allow cookies to be sent in Javascript HTTP requests when Access-Control-Allow-Origin is set to "”.
Thanks!
Is it possible to set Access-Control-Allow-Origin to the IP of the client making the request instead of “" (not hard-coded to a specific IP, but set dynamically depending on the IP of the client)? We’re looking into using a load balancer which utilizes sticky sessions with cookies, and CORS doesn’t allow cookies to be sent in Javascript HTTP requests when Access-Control-Allow-Origin is set to "”.
Thanks!
I think I figured it out. I added this to a custom module:
httpSession.setUserHTTPHeader(“Access-Control-Allow-Origin”, httpSession.getHTTPHeader(“origin”));
And it seems to do what I need. (I actually needed origin, not client IP!)
Hi,
That’s great news, thanks for the update.
Regards,
Jason