Enabling CORS


I am running into an issue when trying to redirect to a bokeh page through javascript.

My javascript is as simple as this

xmlHttp.open("GET", "http://some_server:some_port/run/app");

In the response I get redirected to an actual bokeh server address which got started earlier with this command

bokeh serve --allow-websocket-origin=* --port=44200

But my browser complains about CORS

Access to XMLHttpRequest at ‘http://bokeh_host:44200/app’ (redirected from ‘http://some_server:some_port/run’) from origin ‘null’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Does bokeh allow me to set the CORS header somewhere? I am fully aware of the dangers of this and I am making an informed decision.