Should we handle Cross-origin Request handling automatically?

[arcfide]

The current Jarvis doesn't appear to handle CORS situations when browsers access the data. Is there a clean and minimal way to do this in Jarvis itself that doesn't get too "over-engineered?"

[arcfide]

Looking into the code, it appears that Jarvis doesn't actually support any CORS handling for a JSON service, meaning that the service is inaccessible for a wide range of applications. I think it would be good to have CORS handling built-in.

[arcfide]

The current code in HandleRequest might be able to be retrofitted to rely on the application provided Validate function to handle the request. The only issue is that there is no way to signal to the system that the Validate has in fact Validated and completed the response. It's only a pass/fail.

We could split into a pass / response / fail mode, or we could leave the Validate function as a pass/fail and then have another function that handles CORS.

At the moment I'm inclined to just use the pass / response / fail model. I suggest that the return code will indicate this. If it is 0, then it is a passthrough. If it's positive, it's a fail and should follow the normal fail path. If it's a -1, then it should immediately send the response that was crafted by the validate function.

[arcfide]

c294037 adds support for CORS by default for JSON servers now.