SmithChart
commented
2 years ago The iobus-server does not care about authentication whatsoever. If anyone want's to restrict access external measures are needed anyway.
So I don't mind setting that CORS header. Also: I would not mind to expose the state of pins (read or write) via the REST API as long as the state is consistent between API, nodes and web-interface.
In order to use the IOBus server REST API from within a website hosted under another hostname or on another port on the same host we need to set the appropriate CORS headers. What appropriate CORS headers are can be a tough question to answer, as it depends on which data is considered private and should not be available to anyone hosting a website on the internet who is able to guess domain names/IPs in our local network.
This commit makes the list of nodes and the node info publicly accessible but not the pin stati or any pin controls.
Signed-off-by: Leonard Göhrs l.goehrs@pengutronix.de