eZ Publish ships with NelmioCorsBundle, a = Symfony open-source bundle that provides support for CORS (Cross Origi= n Resource Sharing). The REST API is pre-configured to respond to such = requests, as long as you customize the allowed origins as explained below.<= /p>
Supported by most modern browsers, this W3C specification defines a set = of custom headers that, under specific circumstances, allow HTTP reque= sts between different hosts. The main use-case is execution of AJAX code fr= om one site towards another.
A couple links about it:
Since CORS support is provided by a 3rd party bundle, we re-use the sema= ntical configuration it provides. You can read more about it on the NelmiCorsBundle's README file.=
The origin of a request is one of the main criteria for allowing or bloc= king a cross origin request. Such requests will come with an Origin HTTP he= ader, automatically added by the browser, that gets approved/blocked by the= server. By default, all cross origin requests will be blocked.
To allow a specific host to execute cross-origin requests, you need to a=
dd this host to the nelmio_cors.default.allow_origin configura=
tion array in config.yml. As an example, in order to allow req=
uests from http://example.com, one would add those lines to
nelmio_cors:
defaults:
allow_origin: [ 'http://example.com' ] =20
The Cors bundle is of course perfectly safe to use for any non-eZ HTTP r=
esource you would like to expose.
Follow the instructions in NelmioCorsBundle's configurat=
ion chapter.