html_url,issue_url,id,node_id,user,user_label,created_at,updated_at,author_association,body,reactions,issue,issue_label,performed_via_github_app
https://github.com/simonw/datasette/issues/454#issuecomment-538173651,https://api.github.com/repos/simonw/datasette/issues/454,538173651,MDEyOklzc3VlQ29tbWVudDUzODE3MzY1MQ==,9599,simonw,2019-10-03T23:59:56Z,2019-10-03T23:59:56Z,OWNER,I built and shipped this back in July: https://github.com/simonw/datasette-cors,"{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",440437037,Plugin for allowing CORS from specified hosts,
https://github.com/simonw/datasette/issues/454#issuecomment-491003082,https://api.github.com/repos/simonw/datasette/issues/454,491003082,MDEyOklzc3VlQ29tbWVudDQ5MTAwMzA4Mg==,9599,simonw,2019-05-09T17:53:45Z,2019-05-09T17:53:57Z,OWNER,I built a new ASGI middleware component for CORS headers which I can use to implement this: https://pypi.org/project/asgi-cors/ and https://github.com/simonw/asgi-cors ,"{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",440437037,Plugin for allowing CORS from specified hosts,
https://github.com/simonw/datasette/issues/454#issuecomment-489433651,https://api.github.com/repos/simonw/datasette/issues/454,489433651,MDEyOklzc3VlQ29tbWVudDQ4OTQzMzY1MQ==,9599,simonw,2019-05-05T14:52:46Z,2019-05-05T14:52:46Z,OWNER,"I really like the idea of this as a plugin, because it will provide a great example of an ASGI plugin including how to build unit tests against Datasette plugins which actually start up a Datasette server and run some requests through it.","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",440437037,Plugin for allowing CORS from specified hosts,
https://github.com/simonw/datasette/issues/454#issuecomment-489420661,https://api.github.com/repos/simonw/datasette/issues/454,489420661,MDEyOklzc3VlQ29tbWVudDQ4OTQyMDY2MQ==,9599,simonw,2019-05-05T12:11:01Z,2019-05-05T12:11:01Z,OWNER,"Also worth considering: `Access-Control-Max-Age: 86400` support - maybe as a `""max_age""` setting for the plugin. This can reduce the number of preflight checks the browser needs to make.","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",440437037,Plugin for allowing CORS from specified hosts,
https://github.com/simonw/datasette/issues/454#issuecomment-489420385,https://api.github.com/repos/simonw/datasette/issues/454,489420385,MDEyOklzc3VlQ29tbWVudDQ4OTQyMDM4NQ==,9599,simonw,2019-05-05T12:07:56Z,2019-05-05T12:10:13Z,OWNER,"Since I want the option to store more than one host, I don't think this should be a command-line option or a `--config` setting. Instead, I'm inclined to add this to `metadata.json`.

Maybe this should be a plugin? That way the `metadata.json` setting could look like this:
```
{
    ""title"": ""Title of this instance"",
    ""plugins"": {
        ""datasette-cors"": {
            ""allowed_origins"": [""https://example.com""]
        }
    }
}
```

This could be implemented easily on top of ASGI #272.

(It should probably raise an exception on startup if any of the `allowed_origins` ends with a slash e.g. `""https://example.com/""` since that's not actually a valid origin, and it's an easy mistake to make.)","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",440437037,Plugin for allowing CORS from specified hosts,