CORS handling

[pabo3000]

If you have a frontend app for example running on port 9000 and it requests the plone backend on localhost:8080 you will get:

XMLHttpRequest cannot load http://localhost:8080/plone/@@json. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000' is therefore not allowed access.

This is CORS issue. The frontend address has to be registered as an allowed ressouce in the plone backend (zope server).

IMHO a CORS TTW configuration is desirable. Perhaps it is a good idea to have an isolated package plone.cors which offers a configlet and a server response patch.

In the Pyramid world The Cornice REST framework has to deal with this issue and can simply be configured: http://cornice.readthedocs.org/en/latest/api.html
In The Django world a so called middle ware can be registered and configured in settings.py: https://github.com/ottoyiu/django-cors-headers

Background:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
http://www.html5rocks.com/en/tutorials/cors/
http://enable-cors.org/

[casdr]

Any update on this? We have the same issue and haven't been able to find where to fix this.

[tisto]

See plone/plone.rest#11 for details.