Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
Add CORS header ('Access-Control-Allow-Origin') to public APIs #327
This permits external websites to query WriteFreely instances for:
Without these changes, websites attempting to use the public API to query collections (such as my site: moor3.xyz, source) will receive CORS errors. @cjeller1592 helped me in the past with a CORS proxy (discussion), but it's time to fix it at the source.
I consider this PR to be more like an RFC, I'm fully open to guidance/critique on how to make these changes acceptable.
Thank you for taking this on! I agree we should fix this in the application, and these are probably the most important API endpoints to do this on.
One thing that jumps out at me: as it stands, the header will only be set on successful responses. If an
So a better place for these additions might be in the
For authenticated endpoints I think a more fully-fleshed out approach is needed, such as users choosing which origin(s) are permitted to query/update/post/etc among others.