Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Allow cross-site requests to the RSS feed #3835
My company has a blog with Ghost and we would like to show a list of some posts on our main page.
The problem is cross-site requests are not allowed (CORS), so the Ghost rss feed response need to add the header
Hi again :)
I certainly appreciate your use case and that you need to do this for your own blog, but I don't think that pushing this back into core is the right thing to do. We have guidelines for what we include in core, and in this case the majority of users would not use this feature. In fact I'd suggest that most users who understand what this does would not expect it to be available by default.
Furthermore, what you're doing is a workaround. If you want to display content from your Ghost blog elsewhere, the correct way to do so would be to use the API, which will become openly available in one of the upcoming releases. Alternatively in future you might enable this via an app.
As I understand, cross-origin requests are deliberately disabled by most major browsers, but only for scripts originating from localhost. It's a security feature. What this means is that when your browser serves a hosted copy of your page, it shouldn't show you this error.
According to this post, you can turn off the setting that enforces this (for Chrome). However, you should only disable web security features temporarily, only while you're testing -- they're enable by default for a reason.
My problem is that the blog is not on the same domain as the website, so I have a cross-domain problem.