-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
enable simple cors on all chainweb endpoints #79
Conversation
It builds now - I have not yet checked whether it actually works. That part is not straight forward without an actual deployment. @larskuhtz - I will try to check locally with an http build, do you have the means to deploy this to some server for testing? |
@larskuhtz I was able to test and what I was afraid of, we need to add header "content-type" to the list of allowed headers. |
Actually 'content-type' is in |
If I remember correctly not all headers and in particular content types are allowed in simple cors. So we may need a non-simple cors policy in that case. |
I dug a little deeper. simpleHeaders include content-type - but the simple policy does not include simpleHeaders, but none - relying on a default that is simple headers excluding content-type. I still haven't read the standard yet, so there might be a reason for this unintuitive implementation. |
Simple CORS requests are subject to the following constraint:
CORS is weird. In the standard they try to not break existing common HTTP scenarios, so their are a lot of special cases. The complete list of constraints is in the documentation of wai-cors: |
This is the haddock documentation for cors headers:
I didn't make that stuff up. It's actually in the standard. :-) |
I think the easiest is if you take look at the documentation here http://hackage.haskell.org/package/wai-cors-0.2.6/docs/Network-Wai-Middleware-Cors.html#v:CorsResourcePolicy and define a CORS policy that meets your needs. Once we know what we need I can either update the PR or you can push directly to it. |
No description provided.