Index page `/` has no CORS headers

simonw commented 2 years ago

Compare the following:

% curl -I 'https://latest.datasette.io/fixtures'
HTTP/1.1 200 OK
link: https://latest.datasette.io/fixtures.json; rel="alternate"; type="application/json+datasette"
cache-control: max-age=5
referrer-policy: no-referrer
access-control-allow-origin: *
access-control-allow-headers: Authorization
access-control-expose-headers: Link
content-type: text/html; charset=utf-8
x-databases: _memory, _internal, fixtures, extra_database
Date: Wed, 02 Feb 2022 21:55:49 GMT
Server: Google Frontend
Transfer-Encoding: chunked

% curl -I 'https://latest.datasette.io/'        
HTTP/1.1 200 OK
link: https://latest.datasette.io/.json; rel="alternate"; type="application/json+datasette"
content-type: text/html; charset=utf-8
x-databases: _memory, _internal, fixtures, extra_database
Date: Wed, 02 Feb 2022 21:55:52 GMT
Server: Google Frontend
Transfer-Encoding: chunked

simonw commented 2 years ago

It looks like this is because IndexView extends BaseView rather than extending DataView which is where all that CORS stuff happens:

https://github.com/simonw/datasette/blob/23a09b0f6af33c52acf8c1d9002fe475b42fee10/datasette/views/index.py#L18-L21

Another thing I should address with the refactor project in:

878

palfrey commented 1 year ago

https://github.com/simonw/datasette-cors seems to workaround this

simonw / datasette

Index page `/` has no CORS headers #1624

878