Why does the API have CORS disabled?

google / gitiles

A simple browser for Git repositories.

https://gerrit.googlesource.com/gitiles/

Other

582 stars 174 forks source link

Why does the API have CORS disabled? #119

Open refi64 opened 6 years ago

refi64 commented 6 years ago

Seems kinda silly to disable the requests on the API... Just try to access https://chromium.googlesource.com/chromium/buildtools/+/master/linux64/gn.sha1?format=JSON from browser JS...

jrtapsell commented 6 years ago

Had to use a workaround for this while making an HSTS state checker

jrtapsell commented 6 years ago

Looks like this is caused by the settings used by googlesource.com:

https://github.com/google/gitiles/blob/9645f0fc3c784bc32382720fb8f9e1f95ac5fc0b/java/com/google/gitiles/BaseServlet.java#L387-L412