Open mmccool opened 5 years ago
This gave me a lot of pain recently, so +1
Research Engineer, EURECOM, France | SMIEEE | @skdatta2010 |
http://iot.eurecom.fr/
Quoting Michael McCool notifications@github.com:
Consider adding metadata about whether a Thing supports CORS, which
enables use of the device from a browser.-- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/wot-security/issues/121
This message was sent using EURECOM Webmail: http://webmail.eurecom.fr
It would be helpful to have some use cases for when we need to modify the default CORS behavior. I think this is probably most relevant to using a browser as a UI to a Thing, and in particular when a single browser session is being used to control multiple devices.
What I'm wondering about is whether this is something that should be in the protocol binding for HTTP: should IoT devices ALWAYS allow connections to devices from other origins? What are the exact use cases? See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
Consider adding metadata about whether a Thing supports CORS, which enables use of the device from a browser.