add cors headers to ui/webserver fn responses #741
Conversation
|
Hey, check this out, someone else did something on this too and I haven't worked on it: #635 |
|
Interesting, I don't think we need the allow-headers bit, at least MDN says Content-Type is always allowed: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers. Per the other discussion on that PR, I'll go ahead and implement some configuration so the default can remain not adding the header. |
|
Yah, I don't see much problem with this in any case. |
|
also in the future we could allow fns to accept and return headers in the request/response, as per #696 |
|
Any reason we can't just merge this @neonphog @thedavidmeister ? |
Codecov Report
@@ Coverage Diff @@
## develop #741 +/- ##
===========================================
- Coverage 73.6% 73.59% -0.02%
===========================================
Files 68 68
Lines 10557 10567 +10
===========================================
+ Hits 7771 7777 +6
- Misses 1945 1947 +2
- Partials 841 843 +2
Continue to review full report at Codecov.
|
|
@zippy maybe it's easier to just have reviewers merge if approved and tested? |
Adds
Access-Control-Allow-Origin: *to outgoing response headers for/fn/requests.Notes
CORS is a tricky issue, since it's all client-side enforced, from a server/node perspective, there's really no reason not to allow all origins. Though really, it would probably be good if the host could configure their desired allow origins. Let me know if this is ok for now, or if you want me to add the configuration.
FYI, i need this header to support requests from the
nullorigin. I.e. a web page hosted fromfile://.Testing
Something in Hash is breaking for me on HEAD develop right now... but I am able to successfully run: