I'm wondering if there's a way to manipulate the response headers of a doGet method in the Web Dev module. I need to add 'Access-Control-Allow-Origin' to the headers of the response object to allow other domains/servers/sites access to the end points. Javascript has built in security restraints (CORS) to guard against Cross Site Scripting. This is usually negated by adding Access Control in the header response.
I know my code is working because I can easily get the data when consuming the end point from the same server, this is only a problem when using a site on another host (same network).
Here's the main error I get in the browser:
Here's the HTML5 explanation, basically saying you need to add this Header to the response object.
html5rocks.com/en/tutorials/ ... the-server
[code]headers = request['headers']
headers.update({"Access-Control-Allow-Origin":"http://SERVERNAME"})
jsonObject = {"one":"two"}
response = system.util.jsonEncode(jsonObject)
#how do I add this to the actual response (not just the variable)
headers = system.util.jsonEncode(headers)
#I've tried adding them to the request then returning the request but to no avail
request['headers'] = headers
request['servletResponse'] = response
#I've tried all the different response types json, html, response, etc
return {'response': (response)}
[/code]
Any ideas?