FHIR Chat · CORS · implementers

Stream: implementers

Topic: CORS

view this post on Zulip Vadim Peretokin (Apr 28 2016 at 03:16):

Which public servers support CORS? Either I'm doing it wrong, or not many do.

view this post on Zulip Brian Postlethwaite (Apr 28 2016 at 03:32):

sqlonfhir does support it

view this post on Zulip David Hay (Apr 28 2016 at 03:34):

I believe that Grahames & HAPI do as well..

view this post on Zulip Vadim Peretokin (Apr 28 2016 at 03:36):

I don't see HAPI returning a Access-Control-Allow-Origin header which I understand is required from the server. HAPI happily returns a response, but without it, so my browser is blocking it

view this post on Zulip Vadim Peretokin (Apr 28 2016 at 03:36):

I've discovered cors.io though which gets me by for the time being

view this post on Zulip David Hay (Apr 28 2016 at 03:47):

hmm. you're right! Yet I've got a browser based app making ajax calls on it...

view this post on Zulip Richard Ettema (Apr 28 2016 at 04:07):

Our AEGIS server supports it as well.

view this post on Zulip Josh Mandel (Apr 28 2016 at 04:30):

SMART's server does, too.

view this post on Zulip David Hay (Apr 28 2016 at 04:47):

that cors.io looks like a useful dev site!

view this post on Zulip Brian Postlethwaite (Apr 28 2016 at 05:01):

No issue there passing all your content through their site. ;)

view this post on Zulip David Hay (Apr 28 2016 at 05:12):

yeah - I'm sure they would respect PHI...

view this post on Zulip Brian Postlethwaite (Apr 28 2016 at 05:39):

I wonder if they are sponsored by and of the big search companies :P

view this post on Zulip Vadim Peretokin (Apr 28 2016 at 05:40):

Their responses do have a header saying Server: Google Frontend

view this post on Zulip Vadim Peretokin (Apr 28 2016 at 05:40):

but all that could mean is that it's hosted on GAE

view this post on Zulip James Agnew (May 04 2016 at 03:07):

@Vadim Peretokin HAPI's using the eBay CORS filter, which I don't believe sends the CORS Access-Control-Allow-Origin header unless the request has an Origin.

Curious if this isn't working correctly.. Are you able to share any other details on what's not working? This test seems to work...

view this post on Zulip David McKillop (May 04 2016 at 04:04):

@James Agnew FYI - Vadim is on holiday in NZ for a few weeks and may not get back to you for a little while.

view this post on Zulip Michael Lawley (May 07 2016 at 17:40):

cors.io is very frustrating - it "swallows' the HTTP response codes and I can't work out whether it's properly encoding/decoding the request parameter

Last updated: Apr 12 2022 at 19:14 UTC


An HL7 Website -