I use RemObjects Remoting SDK - 10.0.0.1521 and met the CORS problem in TROCustomHTTPServer.
Cross-Origin Resource Sharing (CORS) - HTTP | MDN (find the text “Once the preflight request is complete, the real request is sent” as a tag) states that the header
Access-Control-Allow-Origin: <origin> | *
must be present for both kinds of responses
- preflight request (OPTIONS)
- real request (POST, PUT, …)
However, the method
TROCustomHTTPServer.DoCORSSupport handles only OPTIONS request.
Q: Is it by design according to a HTTP spec? Or is a bug?