I discussed it with @krzysztofspilka yesterday that we should offer a free CORS proxy to help the developers get a quick start with Spreadsheet Viewer. The CORS proxy removes the need to set the headers in XLSX file server HTTP responses, at the cost of using a middleman (our service).
The easiest way for us to offer the CORS proxy is via CloudFlare.
Tasks include:
[ ] design a CORS API in SV that works automatically (if the workbook origin is different than the frame assets origin), but still make it possible to disable or change the proxy
[ ] explain the new API in the docs
[ ] write CORS proxy TOS (see below)
[ ] deploy the CORS proxy service
We need to write Terms of Service that includes:
the service is provided free of charge for end-users of SV
the service is optional and is not required for SV to function
the service purpose is to make changes to HTTP responses that allow loading files without being blocked by browser's cross-origin security protection (CORS)
the service works by adding Access-Control-Allow-Origin headers to the response
the service is only intended to work with certain document types (spreadsheets) and might not work with other kinds of resources (only certain mime types are allowed)
the service uses third party cloud infrastructure provider (Cloudflare) and is subject to their TOS
the service might add other headers and process the files in additional ways, including reading of the files and processing them for stats purposes
we reserve the right to make API changes that will break compatibility with older versions of SV, or to disable the service with prior notice
the service might reject the request if the target server takes too long to respond or if the response size is too large
we reserve the right to limit the request rate (number of allowed requests in a time period)
the service makes requests for third party servers on behalf of the user. We shall not take responsibility for unauthorized access to resources located at third-party servers nor for the amount of traffic generated by user requests and the consequences of it (hosting cost, DDOS attacks)
Maybe we could take a look at DNS, CDN, SSH tunnel services TOS for inspiration what else to include.
I discussed it with @krzysztofspilka yesterday that we should offer a free CORS proxy to help the developers get a quick start with Spreadsheet Viewer. The CORS proxy removes the need to set the headers in XLSX file server HTTP responses, at the cost of using a middleman (our service).
The easiest way for us to offer the CORS proxy is via CloudFlare.
Tasks include:
We need to write Terms of Service that includes:
Access-Control-Allow-Originheaders to the responseMaybe we could take a look at DNS, CDN, SSH tunnel services TOS for inspiration what else to include.