CORS not working (again) from Chrome Widget. Here's a solution

[satyavh]

Suddenly CORS stopped working again for my Chrome widget, so for the community's sake; here's a solution that does work:

The problem is that the Restivus OPTIONS response is ignoring the enableCors and defaultHeaders as set (or if not set, the default) in the Restivus config. But only in the case of calling the API from a Chrome widget. When called from web / Postman there is no problem.

So you have to setup that manually. Here's the solution that does work:

Api.addRoute 'collections', authRequired: true,
    get: () ->
      # do something

      return {
        status: "success"
        header:
          'Content-Type': 'application/json'
          'Access-Control-Allow-Origin': '*'
          'Access-Control-Allow-Headers': 'X-Auth-Token, X-User-Id' 
      }
   options: ->      
      return {
        'Content-Type': 'application/json'
        'Access-Control-Allow-Origin': '*'
        'Access-Control-Allow-Headers': 'X-Auth-Token, X-User-Id' 
      }

Unfortunately you have to do that for every route and endpoint, but at least you have fine-grain control over the options response.

I don't know why this response to a Chrome widgets ajax call would be different than from the web. You might want to check into that at some point.