Hi,

I am attempting to access the public usegalaxy.org server using the REST API from web browsers.

The question:  I am not seeing Access-Control-Allow-* headers in REST API responses. Are browser REST CORS requests supported by the Galaxy servers?

More details:

Here is an error reported by Chrome during a preflight OPTIONS request for a GET https://usegalaxy.org/api/tools?key=MYREALKEY request.

XMLHttpRequest cannot load https://usegalaxy.org/api/tools?key=xxxxxx. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:63342' is therefore not allowed access. The response had HTTP status code 404.

The request headers:
  1. Accept:
    */*
  2. Accept-Encoding:
    gzip, deflate, sdch
  3. Accept-Language:
    en-US,en;q=0.8,es;q=0.6
  4. Access-Control-Request-Headers:
    accept, content-type, gs-toolname
  5. Access-Control-Request-Method:
    GET
  6. Connection:
    keep-alive
  7. Host:
    usegalaxy.org
  8. Origin:
    http://localhost:63342
  9. Referer:
    http://localhost:63342/GSRemoteComputatio/TestWidgetsWithRemoteJobs.html
  10. User-Agent:
    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
The response headers from Galaxy:
  1. Connection:
    keep-alive
  2. Content-Encoding:
    gzip
  3. Content-Type:
    text/html
  4. Date:
    Tue, 13 Oct 2015 22:14:31 GMT
  5. Server:
    nginx/1.4.7
  6. Transfer-Encoding:
    chunked
  7. Vary:
    Accept-Encoding
Thanks

Marco