w3c / wot-security

a repo exclusively for security to better manage issues and security considerations for WoT
https://w3c.github.io/wot-security/

Support CORS #121

Open mmccool opened 5 years ago

mmccool commented 5 years ago

Consider adding metadata about whether a Thing supports CORS, which enables use of the device from a browser.

ghost commented 5 years ago

This gave me a lot of pain recently, so +1

Research Engineer, EURECOM, France | SMIEEE | @skdatta2010 |
http://iot.eurecom.fr/

mmccool commented 5 years ago

It would be helpful to have some use cases for when we need to modify the default CORS behavior. I think this is probably most relevant to using a browser as a UI to a Thing, and in particular when a single browser session is being used to control multiple devices.

mmccool commented 5 years ago

What I'm wondering about is whether this is something that should be in the protocol binding for HTTP: should IoT devices ALWAYS allow connections to devices from other origins? What are the exact use cases? See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS