response.header("Access-Control-Allow-Origin", "*"); response.header("Access-Control-Allow-Headers", "Origin, X-Requested-With,Content-Type, Accept"); response.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE')