Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for CORS (or JSONP?) #5

Closed
cportele opened this issue Nov 4, 2017 · 5 comments
Closed

Support for CORS (or JSONP?) #5

cportele opened this issue Nov 4, 2017 · 5 comments

Comments

@cportele
Copy link
Member

cportele commented Nov 4, 2017

Servers should support a mechanism to overcome cross-domain restrictions.

To be consistent with HTTP, it probably should be CORS. Is that only a separate requirement or does it need to be reflected in the OpenAPI definition? The discussion here suggests that it should not be reflected explicitly in the OpenAPI definition.

Is the convenience of JSONP important enough to support it, too, even with its drawbacks?

@sebastianovide
Copy link

what's the main reason for supporting JSONP ?

@jvanulde
Copy link
Contributor

jvanulde commented Nov 6, 2017

@sebastianovide I would say that it's more for implementations where implementers don't have admin privileges on the host. Otherwise, I don't see an obvious reason.

@cportele
Copy link
Member Author

cportele commented Nov 7, 2017

JSONP or CORS are needed, if you want to access data from a web page and the data is on another host than the webpage. For example, a web-application accessing data from multiple distributed sources. The "same-origin policy" would prevent this.

See, for example, https://en.wikipedia.org/wiki/JSONP.

@cportele
Copy link
Member Author

Discussed during the meeting on 2017-11-28: Simply create awareness for the issue and mention CORS/JSONP as potential approaches. Then wait for implementer feedback whether more is needed.

@cholmes
Copy link
Member

cholmes commented Nov 27, 2017

Agreed, I think a short best practices paper explaining the issue and how to configure your web server would go a long way. CORS configuration is often outside of the actual WFS server - like in GeoServer with Java you can't set the configuration within the code, you have to update a setting in your tomcat or jetty server.

@cportele cportele self-assigned this Nov 28, 2017
@cportele cportele added this to the Part 1, First Draft milestone Nov 28, 2017
cportele added a commit that referenced this issue Dec 14, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants