Therefore I cannot access the API from javascript cross site. Is this expected? In a different ticket, it looked like you folks were using the appropriate Nancy code to produce the correct headers back, but I just can’t get it to work.
Thanks for getting in touch and for researching the problem first! You need to configure the Octopus Server to enable CORS for the domain(s) you care about:
Thanks for getting in touch. There’s actually nothing that needs fixing on Octopus Server, you just need to configure Octopus Server to enable CORS using the Octopus.Server.exe configure --webCorsWhitelist=<yourwhitelist> command.