Open CITguy opened 9 years ago
Currently, Access-Control-Allow-Origin is set to '*' to allow scrap access from any origin.
Access-Control-Allow-Origin
'*'
The scrap owner should have access to modify this value to provide fine-grained control of which domain/origin has access to a specific scrap.
This would require a user setting (and ui to manage) to manage acceptable origins for CORs functionality.
This may relate to #7 as pile-specific CORs settings.
System CORS <- Pile CORS <- Scrap CORS
Currently,
Access-Control-Allow-Origin
is set to'*'
to allow scrap access from any origin.The scrap owner should have access to modify this value to provide fine-grained control of which domain/origin has access to a specific scrap.