Closed pfrazee closed 6 years ago
I plan to specify that and each route in detail
Working implementation is available at https://github.com/beakerbrowser/homebase
I put together a client module as well, no dependencies, runs automated tests against homebase: https://github.com/beakerbrowser/dat-pinning-service-client
Is there a requirement for these services to have CORS headers so that they could be interacted with from within a webpage?
Would we want CORS to be enabled?
If CORS isn't set to *
you won't be able to do POSTs in JS AFAIK.
Not sure if there were more caveats for the dat://
origin.
Yeah I'm not sure we want to enable web pages to do that yet. Users would have to give their username/password to the site to do the login flow. For Beaker, I suspect we'd want to create some kind of utility for managing that access.
I originally wrote a big rant, but the summary is that I think that nudging people to provide CORS headers for all PSAs will enable more interesting applications. Even if you don't want to explicitly require it now, this can be changed in the future and could be enabled by hosts that want to allow it.
That's a fair point.
This looks good to me for Draft status.
We do usually want a "Privacy" section for standard/protocol DEPs, even if it's just a "no privacy concerns" or "this is for public/published works only" context note.
Did you mean to link to archive.org instead of direct a link? It appears twice.
@millette yes, that was intentional to make sure the linked target doesnt change
Implementations: