Search Results

Cross-origin resource sharing

If you are not running behind an API Proxy as recommended, in order to serve API requests to the front-end components running in a different domain, the CORS (Cross-Origin Resource Sharing) headers must be used to allow the browser access to responses.

Setting the PV_CORS_ALL environment variable or --cors-all on the command line to true will add the Access-Control-Allow-Origin HTTP header to responses with the value set to * (implying, ALL hosts). This flag is set by default. This also allows any additional HTTP Headers your application may be sending.

A future version of this may provide a method of allow-listing certain hostnames via environment or command-line flags.