leplatrem
commented
9 years ago Cliquet manages CORS headers already !
I take this feedback as a lack of documentation about it then :)
Closed michielbdejong closed 9 years ago
leplatrem
commented
9 years ago Cliquet manages CORS headers already !
I take this feedback as a lack of documentation about it then :)
michielbdejong
commented
9 years ago Oh, cool! Yes, the GET example on http://cliquet.readthedocs.org/en/latest/api/resource.html has the
Access-Control-Expose-Headers: Backoff, Retry-After, Alert, Next-Page, Total-Records, Last-Modifiedresponse header, but it would be instructive to also show the Access-Control-Allow-Origin header there.
Natim
commented
9 years ago With cornice the Access-Control-Allow-Origin is present only if you send the Origin header with the request, as we don't provide it in the documentation example, it doesn't appears :)
leplatrem
commented
9 years ago Yes I agree that we should add it :)
almet
commented
9 years ago Done!
CORS headers are fun! :)
GoogleDrive, Dropbox, remoteStorage, and Hoodie all expose CORS headers on their APIs. They allow users to choose their favorite server, under their control, and http requests will still work from client-side web apps without the need to give those apps elevated permissions.
What are your thoughts about this?