Open captainsafia opened 9 years ago
We could consider picking up tornado-cors to simplify some of the CORS config. Or we may want to build our own derivative/alternative package, but I'm not a fan of how many wheels we tend reinvent. @captainsafia do you want to investigate tornado-cors? The main thing we tend to support that tornado-cors doesn't is origin related:
Sure, @minrk. I'll look into tornado-cors
a bit more and see what we can make from it.
server-side origin checking to enforce CORS for cases when headers aren't enough
particularly when working with websockets
Currently, both need the following and this should be moved to a separate library: