planetfederal / geodroid-server

Apache License 2.0
3 stars 4 forks source link

Enable CORS headers #42

Open jdeolive opened 10 years ago

jdeolive commented 10 years ago

Since the point of the mobile server is to enable webapps on the device it would make sense to allow for cross origin access to it.

ischneider commented 10 years ago

@jdeolive Not sure I totally understand - if the app is on the device, how is this cross-origin? Or is it more about ease of development? i.e. run the server but develop the app on the desktop talking to the device endpoint.

tschaub commented 10 years ago

A static app served from file:///path/to/foo.html could only use data from a server responding with a Access-Control-Allow-Origin: * header. It also might be useful to support apps on one port accessing data from geodroid-server on another.

ischneider commented 10 years ago

understood @tschaub - my question was more "under what realistic circumstances", versus "technically, why?"

would chrome apps be served up with an origin of file:// ? in this case, then yes it is needed as I think this is the best approach to creating/distributing apps

tschaub commented 10 years ago

I think this ticket was triggered by a client trying to browse static files they had copied to their device. I assumed they were browsing with the file "protocol."

If we're talking about the same kind of Chrome apps, the manifest can explicitly allow requests to different origins. I assume CORS support would provide the same without the explicit entry in the manifest. Though this could be wrong.

I've seen mention of WebViews using the file protocol as well. No idea how realistic or common.