CORS on ColdFusion

If you don't have access to configure you web server, you can still send the header from a ColdFusion script. It's a case of adding the following to your ColdFusion scripts:

Tag Based File

<cfheader name="Access-Control-Allow-Origin" value="*">

Script Based File

cfheader( name="Access-Control-Allow-Origin", value="*");

Or for versions of ColdFusion prior to 11:
var response = getPageContext().getResponse();

Note: This needs to be set before any output has been sent from the server.

Who’s behind this

Monsur Hossain and Michael Hausenblas


The content on this site stays fresh thanks to help from users like you! If you have suggestions or would like to contribute, fork us on GitHub.

Buy the book

Save 39% on CORS in Action with promotional code hossainco at