Closed macosforgebot closed 9 years ago
jan.mate@… originally submitted this as _attachment:calendarserver_CardDavMATE.diff:ticket:468_
@wsanchez originally submitted this as comment:1:ticket:468
@wsanchez originally submitted this as comment:2:ticket:468
I hate web browsers…
I'm not sure the web2/server.py
is appropriate… I assume these values aren't correct for all servers, or you wouldn't need these headers in the first place. Certainly the allowed methods list needs to correspond to what's allowed on the resource being requested.
@wsanchez originally submitted this as comment:3:ticket:468
jan.mate@… originally submitted this as comment:4:ticket:468
Replying to wsanchez@…:
I hate web browsers…
I'm not sure the
web2/server.py
is appropriate… I assume these values aren't correct for all servers, or you wouldn't need these headers in the first place. Certainly the allowed methods list needs to correspond to what's allowed on the resource being requested.
Sorry for the late response ... you are right - my patch is not 100% correct (but it works) ... according the http://www.w3.org/TR/cors/#resource-preflight-requests the good solution is:
@wsanchez originally submitted this as comment:24:ticket:468
Expiring old bugs with unknown state and impact.
jan.mate@… originally submitted this as ticket:468
It is impossible to access the calendarserver from javascript due to cross domain security limitations in modern browsers. To allow cross domain queries from javascript based caldav/carddav clients it is important to add several new headers to each response (see http://www.w3.org/TR/cors/).
For example, to use my CardDavMATE client (fully javascript based) the user must patch the calendarserver (see the included patch).