We are using ORDS to provide the PL/SQL gateway facilities that used to be provided by mod_plsql. But ORDS has to be deployed to a different domain from the web page that wants to invoke the PL/SQL function via a POST command. We are using a Chrome browser, and it is unable to access the PL/SQL via ORDS because it does not have cross origin resource sharing set to allow it.
I've found in the document "ORDS Installation, Configuration, and Development Guide" the PL/SQL function ORDS.SET_MODULE_ORIGINS_ALLOWED, which looks like it might do the job, but if we have to use that, what module do we specify to set the origins of? We have not created any ORDS modules ourselves, and we are not using APEX, we are just using the default PL/SQL Gateway setup. The ORDS PL/SQL Package Reference does not seem to specify any way to list the modules. I found a table called ORDS_MODULES in the database (in an ords metadata schema), but it seems to be empty so that didn't help. Maybe there isn't a module in our scenario - but in that case how do we specify allowed origins?
This is ORDS version 3.0.6. Strangely enough the problem doesn't happen in version 3.0.2. Maybe that older version just ignores CORS altogether, which I suppose would have been a deficiency, but 3.0.6 is only an improvement if we can find the way to specify the allowed origins. We obviously can't afford to be stuck on version 3.0.2 for ever.
In case it matters ORDS is deployed on a Weblogic 10.3.6 server. (I've seen another thread in which someone had a problem with CORS when deployed on Apache and Tomcat which required a change to their configuration too, so I suppose the same might be true of weblogic, but haven't been able to find anything about it - and the ORDS Installation, Configuration, and Development Guide section C.8.6 about CORS seems to be just saying that it is an ORDS configuration matter.)