Cross-Origin Resource Sharing (CORS) support?

[brylie]

As an API manager,
I would like to quickly add CORS support to any defined API
So that developers can make cross-origin requests easily

Proposal (1)- documentation

Add 'cookbook' style CORS recipe to API Umbrella docs, describing what header values to add/modify to enable CORS support on proxy endpoints.

Proposal (2) - toggle widget

Create 'Enable CORS' toggle switch on endpoint configuration screen, with corresponding informative text of the implications of enabling CORS.

Proposal (3) - Auto-configure button

Add a button to the header configuration section of the UI to "Add CORS headers". The header fields will be created and user-editable.

[GUI]

I'm somewhat inclined to favor Proposal 3, where API Umbrella could automatically add the CORS headers on any responses proxied through it.

While we've generally avoided modifying the API responses at the API Umbrella layer, I think CORS is such a simple thing that a lot of people want to always be defaulting to, that it could certainly make sense to have an option to force the CORS headers at the API Umbrella layer. A few other people have also requested this, so it's something I'd like to do, and it should be pretty straight forward to implement.

And just for my own tracking purposes and to tie these issues together, here's a counterpart issue to this for our api.data.gov project: 18F/api.data.gov#120

[kyyberi]

+1

[brylie]

@kyyberi sent me a link to his CORS implementation.

[GUI]

Belatedly closing this, since this was part of the v0.8 release.

[as33ms]

@GUI : If I understand correct, then the required changeset (for modifying response headers) is not a part of the current available debian (at apiumbrella.io/download | api-umbrella_0.8.0-1_amd64.deb). Do you have any idea when the latest version (v0.8.16) is going to be available?