Description of problem: I'm developing a dashboard that consumes data from the new REST API added in BZ5. https://github.com/stephenfin/bugzilla-dashboard However, I'm forced to deploy this application interally (http://file.emea.redhat.com) due to CORS issues. This shouldn't be necessary for a public REST API. Version-Release number of selected component (if applicable): N/A How reproducible: Always. Steps to Reproduce: 1. Make an AJAX call to 'https://bugzilla.redhat.com/rest/bug' Actual results: I see the following error in my console: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://bugzilla.redhat.com/rest/bug?component=openstack-nova. (Reason: CORS request did not succeed). Expected results: The call should work. Additional info: The response should include the following header, allowing users to build tooling that uses the REST API. Access-Control-Allow-Origin: *
> Additional info: > The response should include the following header, allowing users to build tooling that uses the REST API. > > Access-Control-Allow-Origin: * I should note, in case it wasn't obvious, that we clearly only need this header set for responses from the '/rest' path and subpaths.
*** This bug has been marked as a duplicate of bug 1641232 ***