Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Support Cross-Origin Resource Sharing #4

Open
hallettj opened this Issue Aug 14, 2009 · 0 comments

Comments

Projects
None yet
1 participant

Some browsers now support cross-site XMLHttpRequests. But for security purposes the server responding to those requests must implement an access control policy or the requests are blocked by the browser.

I think it would be very useful to be able to set up one ReverseHTTP server to use with various sites. To support this with cross-site Ajax, also called CORS, require implementing the access control protocol as described at https://developer.mozilla.org/En/HTTP_Access_Control.

Basically if a GET or POST request arrives with an 'Origin' header the server needs to include an 'Access-Control-Allow-Origin' header in its response. If an OPTIONS request arrives with an 'Origin' header, an 'Access-Control-Request-Method' header, and possibly an 'Access-Control-Request-Headers' the server needs to respond with 'Access-Control-Allow-Origin', 'Access-Control-Allow-Methods', and 'Access-Control-Allow-Headers' headers.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment