CORS for Analytics Endpoints

Published in Polar Mobile

Today, I am getting the chance to work on a new feature enhancement for the analytics endpoints at Polar Mobile. A variety of data is collected from the clients that use our applications in order to enhance their experience. Since Polar is no longer focusing on just native mobile solutions, all of the endpoints that accept analytics data must be CORS-enabled.

CORS stands for Cross-Origin Resource Sharing. It basically permits for a web server to allow its resources to be accessed from different domains. This is necessary since the new products being developed may be hosted or accessed externally. This is quite a neat thing to get a chance to work on since it is quite modern and a lot of different API providers are finding it necessary to enable CORS as well.

I have been actively researching CORS to try to deepen my understanding of what changes will actually be required. At first glance it actually seems quite straightforward. From my current understanding, all that will need to be done is to add a couple of header values to each response that is returned from the server, mainly 'Access-Control-Allow-Origin:*'. By adding this particular header, this will indicate to those browsers that have support that it is OK for other domains to request the resources available on the server.

In order to implement this, I am planning to write a very simple middleware that simply appends the required headers, as needed. This middleware will be applied only to four particular endpoints that require CORS. There will be some endpoints that will continue to operate as usual. Time will tell if it really is that easy to implement CORS!

Written By

Andrew Halligan

Published May 11, 2012