search

personium / personium-core

Core module of Personium
https://personium.io
Apache License 2.0
88 stars 16 forks source link

Box URL API does not support CORS #112

Closed dixonsiu closed 6 years ago

dixonsiu commented 6 years ago

When a user is from another domain, the response header that contains URL information is not accessible.

Suggestion:

  1. Fastest and easiest way is to put the URL in the response body.
  2. Return proper response headers which support CORS.

{ "Url": "https://demo.personium.io/john.doe/schedule/" }

Other Changes Required

Successful Status Code: 204 -> 200 Box Url Ending Slash in Location Header: no -> yes

shimono commented 6 years ago

https://personium.github.io/en/apiref/current/002_CORS_Support.html

It seems if you send the following request header, problem may be solved. 

Access-Control-Request-Headers: Location
dixonsiu commented 6 years ago

Actually the server must reply with the following response header so that JavaScript can access the header - "Location".
'Access-Control-Expose-Headers': 'Location'

SawamiWataru commented 6 years ago

Released in v1.6.6