Skip to content

CORS handling #2

Description

@pabo3000

If you have a frontend app for example running on port 9000 and it requests the plone backend on localhost:8080 you will get:

XMLHttpRequest cannot load http://localhost:8080/plone/@@json. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000' is therefore not allowed access.

This is CORS issue. The frontend address has to be registered as an allowed ressouce in the plone backend (zope server).

IMHO a CORS TTW configuration is desirable. Perhaps it is a good idea to have an isolated package plone.cors which offers a configlet and a server response patch.

In the Pyramid world The Cornice REST framework has to deal with this issue and can simply be configured: http://cornice.readthedocs.org/en/latest/api.html
In The Django world a so called middle ware can be registered and configured in settings.py: https://github.com/ottoyiu/django-cors-headers

Background:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
http://www.html5rocks.com/en/tutorials/cors/
http://enable-cors.org/

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions