Using EventSource with Cross-site Requests (CORS)

To make EventSource work correctly with cross-site requests using CORS:

1. The server side must send the following headers:

Access-Control-Allow-Origin: <your-domain-here>
Access-Control-Expose-Headers: *
Access-Control-Allow-Credentials: true

See:
http://www.html5rocks.com/en/tutorials/cors/
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
http://www.w3.org/TR/cors/

 

2. On the client side when creating the EventSource object, add a second parameter like so:

EventSource('your-url-here', {withCredentials: true})

 

Enjoy

 

Contributed by Milko Kosturkov