In Membrane, headers can be easily added to requests or responses. In this instance we add all CORS headers and set them up to allow any origin as well as usage of authentication credentials, but we limit the allowed HTTP methods to only GET.
<api port="2000">
<response>
<setHeader name="Access-Control-Allow-Origin" value="*" />
<setHeader name="Access-Control-Allow-Methods" value="GET" />
<setHeader name="Access-Control-Allow-Headers" value="Content-Type, Authorization" />
<setHeader name="Access-Control-Allow-Credentials" value="true" />
<setHeader name="Access-Control-Max-Age" value="3600" />
</response>
<target url="https://api.predic8.de" />
</api>| SetHeader | Documentation |