This seems pretty sane. For an MVP, simply implementing this part:

> At the very least, the above should be paired with the addition of |approve-origin and |reject-origin generators. These can be called by the user themselves, or by hosting providers wanting their fleet to trust the platform they've built.

seems reasonable. I can complete my project (TypeScript API interface) with that, and developers could start to use it.
For it to be actually useful for standard users and users of developed browser clients, I wonder if simply adding a multi-text field (like the “buckets” setting) on the settings page in Landscape would be enough for 95% of users, and a “view all unauthorized requests” for debugging purposes. Maybe even put that on the debugging page.
In any case, thanks for working on this.

> On Sep 28, 2020, at 5:30 PM, Mark <ma...@tlon.io> wrote:
> The time has come. Eyre, being an HTTP server operating in the modern age, can no longer ignore the reality that is Cross-Origin Resource Sharing. Find attached a proposal for dealing with this in an at least somewhat principled manner.