We need to make a REST api service for our website that will be accessed from arbitrary domains by partner companies, but we're having trouble with authentication.
We tried auth.is_logged_in(), but the problem is that login doesn't seem to work cross domain. A session is created on the server, but the request still doesn't get passed authentication.
Is there anything built-in in web2py for this use case?
@request.restful()
def f():
response.headers["Access-Control-Allow-Origin"] = "*"
def GET(*args, **vars):
if auth.is_logged_in():
Also doesn't seem to work.