undefined | Better HN

0 pointsjustinsb12y ago0 comments

Cool idea. I don't see any reason not to support CORS; all the OpenStack requests require a custom Auth http header anyway, so I don't think there's any danger in turning on CORS there. I didn't see anyone in the Launchpad bug report that was against it.

The only call that I think _might_ be dangerous to expose is the login API, but that should be rate-limited and / or have lockout anyway.

I've opened a bug to support CORS in FathomCloud. It's not a lot of work (I already have the filter in the repo, it's just not configured in). I just want to think it through to make sure it's safe: https://github.com/fathomdb/cloud/issues/50

0 comments

nl12y ago

If you follow the bug links there was actually an attempt made to fix it, but it was rejected as being incomplete.

I haven't chased it up, but I think it's an important use-case.

justinsbOP12y ago

Thanks for pointing out the patch - I'll review the discussion.

It's definitely an important use case - no argument here :-)

j / k navigate · click thread line to collapse