Currently it is not possible to enable browser-based applications to call infinispan REST APIs due to the lack of CORS headers in the responses, and there is no way to alter the underlying web server to include these.

This request asks that CORS headers be optionally returned in REST requests, and be configurable by admins. Specifically, the following headers:

• Access-Control-Allow-Origin
• Access-Control-Allow-Credentials
• Access-Control-Expose-Headers
• Access-Control-Max-Age
• Access-Control-Allow-Methods
• Access-Control-Allow-Headers

This would enable browser-based apps to function when working across domains.