Allow CORS #1441

Closed
SebastianZimmer opened this Issue Mar 23, 2017 · 4 comments

SebastianZimmer commented Mar 23, 2017

I want to send requests to the BaseX REST API via AJAX/fetch from a website on a different domain. For this to work, BaseX would need to send an Access-Control-Allow-Origin HTTP header with its responses. Currently, there seems to be no built-in way to do this, thus this feature request to allow CORS.

Related: http://stackoverflow.com/questions/42932689/basex-rest-api-set-custom-http-response-header

Member

ChristianGruen commented Mar 23, 2017

Hi Sebastian, could you please confirm if the StackOverflow solution provided by @JensErat met your requirements? If yes, I will embed it in future versions of BaseX (the jetty-servlets has already been requested by another user; it’s also required for sending compressed data).

ChristianGruen added this to the 8.7 milestone Mar 23, 2017

Contributor

dirkk commented Mar 23, 2017

I think adding the jetty-servlets is very reasonable, but I would avoid enabling CORS by default (as Jens suggested in his SO answer). To disable this is a basic security measure and I think basically all HTTP servers disable this by default. Hence, I don't think we should do it differently because we don't really know more about HTTP servers than the HTTP server guys.

But of course there are many valid use cases for doing so, so to simplify it for the user to enable CORS is a good thing.

SebastianZimmer commented Mar 23, 2017

The solution by @JensErat works for me.

I agree with @dirkk that CORS should not be enabled by default.

Member

ChristianGruen commented Mar 23, 2017

Resolved. Feel free to check out the latest stable snapshot.
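
A restricted opt-in configuration of the kind discussed in this thread, as an added example that is not part of the original issue or of BaseX's shipped `web.xml`: it registers Jetty's `CrossOriginFilter` (from jetty-servlets) for the REST path only, with the permissive wildcard shown commented out beside the explicit allow-list. The origin `https://app.example.org`, the `/rest/*` pattern and the `WEB-INF/web.xml` location are assumptions.

```xml
<!-- Added example: fragment for WEB-INF/web.xml (location assumed). -->
<filter>
  <filter-name>cross-origin</filter-name>
  <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>

  <!-- Weak setting, shown for contrast: any website's script may read
       REST responses. This is also the filter's default when the
       parameter is omitted, so always set it explicitly.
  <init-param>
    <param-name>allowedOrigins</param-name>
    <param-value>*</param-value>
  </init-param>
  -->

  <!-- Corrected: list only the front-end origins that need access
       (comma-separated; placeholder hostname). -->
  <init-param>
    <param-name>allowedOrigins</param-name>
    <param-value>https://app.example.org</param-value>
  </init-param>

  <!-- Expose only the HTTP methods the front end actually uses. -->
  <init-param>
    <param-name>allowedMethods</param-name>
    <param-value>GET,POST</param-value>
  </init-param>

  <!-- Authorization is needed only if the client sets it explicitly. -->
  <init-param>
    <param-name>allowedHeaders</param-name>
    <param-value>Content-Type,Accept,Authorization</param-value>
  </init-param>

  <!-- Do not let browsers attach cookies or cached HTTP auth
       to cross-origin requests. -->
  <init-param>
    <param-name>allowCredentials</param-name>
    <param-value>false</param-value>
  </init-param>
</filter>

<!-- Scope the filter to the REST API instead of the whole web application. -->
<filter-mapping>
  <filter-name>cross-origin</filter-name>
  <url-pattern>/rest/*</url-pattern>
</filter-mapping>
```

CORS headers only relax the browser's same-origin policy; they are not access control, so the REST endpoint still needs its own authentication and least-privilege database users.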
