We recently built a Angular 5 application that used Joomla as a backend service. The angular service was deployed on a primary domain, and Joomla was set up at a subdomain. The result, we now have CORS support. YAY!
We have now released com_api v2.3 that adds support for CORS. There are also a few other minor improvements, read on for more details.
There's a new section in the Component Configuration that lets you turn on CORS. CORS can be enabled for GET, POST or all HTTP methods. It is possible to limit CORS access to specific origin domains or to all. Lastly, you can specify which headers are sent back in the Access-Control-Allow-Headers header.
Let us know what you think in the comments below. Were you looking forward to this feature? What can we continue to improve on?