CORS handling in Eyre
45 views
Skip to first unread message
Mark
Sep 28, 2020, 8:30:59 PM9/28/20
to Jose, urbit-dev
The time has come. Eyre, being an HTTP server operating in the modern age, can no longer ignore the reality that is Cross-Origin Resource Sharing. Find attached a proposal for dealing with this in an at least somewhat principled manner.
Tyler Shuster
Sep 28, 2020, 8:40:10 PM9/28/20
to Mark, urbit-dev
This seems pretty sane. For an MVP, simply implementing this part:
> At the very least, the above should be paired with the addition of |approve-origin and |reject-origin generators. These can be called by the user themselves, or by hosting providers wanting their fleet to trust the platform they've built.
seems reasonable. I can complete my project (typescript API interface) with that, and developers could start to use it.
For it to be actually useful for standard users and users of developed browser clients, I wonder if simply adding a multi-text field (like the “buckets” setting) on the settings page in Landscape would be enough for 95% of users, and a “view all unauthorized requests” for debugging purposes. Maybe even put that on the debugging page.
In any case, thanks for working on this.
> On Sep 28, 2020, at 5:30 PM, Mark <ma...@tlon.io> wrote:
>
> The time has come. Eyre, being an HTTP server operating in the modern age, can no longer ignore the reality that is Cross-Origin Resource Sharing. Find attached a proposal for dealing with this in an at least somewhat principled manner.
>
> --
> To unsubscribe from this group and stop receiving emails from it, send an email to dev+uns...@urbit.org.
> <cors.txt>
>
> —
> ~palfun-foslup
> https://urbit.org
>
> --
> To unsubscribe from this group and stop receiving emails from it, send an email to dev+uns...@urbit.org.
> At the very least, the above should be paired with the addition of |approve-origin and |reject-origin generators. These can be called by the user themselves, or by hosting providers wanting their fleet to trust the platform they've built.
seems reasonable. I can complete my project (typescript API interface) with that, and developers could start to use it.
For it to be actually useful for standard users and users of developed browser clients, I wonder if simply adding a multi-text field (like the “buckets” setting) on the settings page in Landscape would be enough for 95% of users, and a “view all unauthorized requests” for debugging purposes. Maybe even put that on the debugging page.
In any case, thanks for working on this.
> On Sep 28, 2020, at 5:30 PM, Mark <ma...@tlon.io> wrote:
>
> The time has come. Eyre, being an HTTP server operating in the modern age, can no longer ignore the reality that is Cross-Origin Resource Sharing. Find attached a proposal for dealing with this in an at least somewhat principled manner.
>
> To unsubscribe from this group and stop receiving emails from it, send an email to dev+uns...@urbit.org.
> <cors.txt>
>
> —
> ~palfun-foslup
> https://urbit.org
>
> --
> To unsubscribe from this group and stop receiving emails from it, send an email to dev+uns...@urbit.org.
Anthony Arroyo
Sep 29, 2020, 12:45:55 PM9/29/20
to Tyler Shuster, Mark, urbit-dev
Reply all
Reply to author
Forward
0 new messages