Closed ThibaudDauce closed 1 month ago
See https://github.com/datagouv/data.gouv.fr/issues/1359
I copied the implementation of the biggest PHP framework (the middleware and the CORS logic) while removing all the generics conditions (since we are an API we have a lot of stuff allowed to the maximum)
Exemple de test CORS:
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Document</title> </head> <body> <div data-udata-dataset="666c037b54009239e0a974ad"></div><script src="http://dev.local:7000/static/oembed.js" async defer></script> <div id="results"></div> <script> const results = document.getElementById('results') const get = async (url) => { const response = await fetch(url, { headers: { 'XXXX': 'xxx', }, }) const body = await response.text() results.innerHTML = `${results.innerHTML}<br><br>${body}` } (async () => { await get('http://dev.local:7000/api/1/datasets') })() </script> </body> </html>
See https://github.com/datagouv/data.gouv.fr/issues/1359
I copied the implementation of the biggest PHP framework (the middleware and the CORS logic) while removing all the generics conditions (since we are an API we have a lot of stuff allowed to the maximum)
Exemple de test CORS: