Closed michielbdejong closed 9 years ago
Cliquet manages CORS headers already !
I take this feedback as a lack of documentation about it then :)
Oh, cool! Yes, the GET example on http://cliquet.readthedocs.org/en/latest/api/resource.html has the
Access-Control-Expose-Headers: Backoff, Retry-After, Alert, Next-Page, Total-Records, Last-Modified
response header, but it would be instructive to also show the Access-Control-Allow-Origin
header there.
With cornice the Access-Control-Allow-Origin
is present only if you send the Origin
header with the request, as we don't provide it in the documentation example, it doesn't appears :)
Yes I agree that we should add it :)
Done!
CORS headers are fun! :)
GoogleDrive, Dropbox, remoteStorage, and Hoodie all expose CORS headers on their APIs. They allow users to choose their favorite server, under their control, and http requests will still work from client-side web apps without the need to give those apps elevated permissions.
What are your thoughts about this?