apple / ccs-calendarserver

The Calendar and Contacts Server.
https://www.calendarserver.org
Apache License 2.0
486 stars 136 forks source link

Cross domain queries in Web browsers #466

Closed macosforgebot closed 9 years ago

macosforgebot commented 13 years ago

jan.mate@… originally submitted this as ticket:468


It is impossible to access the calendarserver from javascript due to cross domain security limitations in modern browsers. To allow cross domain queries from javascript based caldav/carddav clients it is important to add several new headers to each response (see http://www.w3.org/TR/cors/).

For example, to use my CardDavMATE client (fully javascript based) the user must patch the calendarserver (see the included patch).

macosforgebot commented 13 years ago

jan.mate@… originally submitted this as _attachment:calendarserver_CardDavMATE.diff:⁠ticket:468_

macosforgebot commented 12 years ago

@wsanchez originally submitted this as comment:1:⁠ticket:468

macosforgebot commented 12 years ago

@wsanchez originally submitted this as comment:2:⁠ticket:468


I hate web browsers…

I'm not sure the web2/server.py is appropriate… I assume these values aren't correct for all servers, or you wouldn't need these headers in the first place. Certainly the allowed methods list needs to correspond to what's allowed on the resource being requested.

macosforgebot commented 12 years ago

@wsanchez originally submitted this as comment:3:⁠ticket:468

macosforgebot commented 12 years ago

jan.mate@… originally submitted this as comment:4:⁠ticket:468


Replying to wsanchez@…:

I hate web browsers…

I'm not sure the web2/server.py is appropriate… I assume these values aren't correct for all servers, or you wouldn't need these headers in the first place. Certainly the allowed methods list needs to correspond to what's allowed on the resource being requested.

Sorry for the late response ... you are right - my patch is not 100% correct (but it works) ... according the http://www.w3.org/TR/cors/#resource-preflight-requests the good solution is:

macosforgebot commented 9 years ago

@wsanchez originally submitted this as comment:24:⁠ticket:468


Expiring old bugs with unknown state and impact.