I have a CUBA application with a REST API. Even though the documentation states that CORS headers allowing every origin should be added to the responses by default, this does not happen, and when I issue an OPTIONS request to any API endpoint with Postman, the response does not contain any Access-Control-* header.
I have tried to explicitly add the cuba.rest.allowedOrigins=* parameter in app.properties and web-app.properties, but still no luck.
I am not currently not using any custom controllers, just the built-in CRUD endpoints.
What could be wrong?
P.s. if there is no obvious answer, do I have a way in CUBA to define a standard Java servlet filter that executes for the entire REST API and “manually” adds these headers to outgoing responses?
This in web-dispatcher-spring.xml doesn’t work either:
<mvc:cors>
<mvc:mapping path="/rest/**" allowed-origins="*"/>
</mvc:cors>
UPDATE: Sorry, it was my mistake. Had to debug into Spring’s CORS filter to see that no CORS headers are produced when no Origin header is present, and Postman does not send an Origin header unless explicitly set.
Thank you!
Peter