-
Notifications
You must be signed in to change notification settings - Fork 290
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is Access-Control-Allow-Origin Header still an issue in 2017? #1134
Comments
I seem to be able to login successfully from a Localhost. Just wondering what are the limitations. |
@segahm, your question is valid and tough at the sime time. The current limitation (when using our production backend from a localhost) is that you will not be able to refresh the access token, so _schedule_token_refresh will fail and you will get logged out on your browser. I am forwarding your question to our Head of Security, @raphaelrobert. |
@raphaelrobert nice to meet you. How should I treat what @bennyn is describing? As a bug, a security feature, or something else? Thanks |
Sorry for the late reply. The limitation mentioned in #294 is still in place for now. |
Hmm. @raphaelrobert @bennyn please advise how I should proceed then. I am building a product on top of Wire Webapp chat client, with the hope of registering my users in your network. Likewise, relying on your server. This is something I previously successfully prototyped on Telegram. So far, the refresh access token is my only roadblock. I hypothesize that I have a workaround. But if the inability to refresh access token is not a bug but an intentional feature, I don't want to go about hacking together a solution that will be blocked down the road by the server. Please help. Thank You. You can reach me at: |
When modifying Wire clients and connecting to our servers, our Terms of Use apply, in particular section 6.4. Please be mindful of that. Our server API is not publicly documented and we reserve the right to change it without prior notice. Going forward it will be possible to self-host the Wire backend. In the meantime our bot API is maybe more suited for your needs. |
@priiduzilmer can you chime on this. The above is not very encouraging from the standpoint of an open source developer team putting its time and money. |
@segahm The Wire servers are simply not suited to build third-party services on top of it, that's the reason we don't allow it. |
@raphaelrobert @priiduzilmer I've responded on Medium where the CTO states: "Wire’s users can now build their own client from our source code and run it on our platform" I am now puzzled by the response above. |
Closing due to inactivity. Concerns are being addressed step by step. |
Referring to #294
Please instruct whether it is now possible to use webapp on a non-wire domain. If not, this would be defeat the whole purpose of a project - no?
The text was updated successfully, but these errors were encountered: