Using EventSource with Cross-site Requests (CORS)

To make EventSource work correctly with cross-site requests using CORS:

1. The server side must send the following headers:

Access-Control-Allow-Origin: <your-domain-here>
Access-Control-Expose-Headers: *
Access-Control-Allow-Credentials: true



2. On the client side when creating the EventSource object, add a second parameter like so:

EventSource('your-url-here', {withCredentials: true})




Contributed by Milko Kosturkov