{"html_url": "https://github.com/simonw/datasette/issues/1143#issuecomment-1038289584", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1143", "id": 1038289584, "node_id": "IC_kwDOBm6k_c494wqw", "user": {"value": 9599, "label": "simonw"}, "created_at": "2022-02-13T17:40:50Z", "updated_at": "2022-02-13T17:41:17Z", "author_association": "OWNER", "body": "The way Drupal does this is interesting; https://www.drupal.org/node/2715637 - it supports the following YAML:\r\n```yaml\r\n  # Configure Cross-Site HTTP requests (CORS).\r\n  # Read https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS\r\n  # for more information about the topic in general.\r\n  # Note: By default the configuration is disabled.\r\n cors.config:\r\n   enabled: false\r\n   # Specify allowed headers, like 'x-allowed-header'.\r\n   allowedHeaders: []\r\n   # Specify allowed request methods, specify ['*'] to allow all possible ones.\r\n   allowedMethods: []\r\n   # Configure requests allowed from specific origins.\r\n   allowedOrigins: ['*']\r\n   # Sets the Access-Control-Expose-Headers header.\r\n   exposedHeaders: false\r\n   # Sets the Access-Control-Max-Age header.\r\n   maxAge: false\r\n   # Sets the Access-Control-Allow-Credentials header.\r\n   supportsCredentials: false\r\n```", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 764059235, "label": "More flexible CORS support in core, to encourage good security practices"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1143#issuecomment-746827083", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1143", "id": 746827083, "node_id": "MDEyOklzc3VlQ29tbWVudDc0NjgyNzA4Mw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-12-16T18:56:07Z", "updated_at": "2020-12-16T18:56:07Z", "author_association": "OWNER", "body": "I think the right way to do this is to support multiple optional `--cors-origin=` pattern values, like you suggested.", "reactions": "{\"total_count\": 2, \"+1\": 1, \"-1\": 0, \"laugh\": 0, \"hooray\": 1, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 764059235, "label": "More flexible CORS support in core, to encourage good security practices"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1143#issuecomment-744757558", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1143", "id": 744757558, "node_id": "MDEyOklzc3VlQ29tbWVudDc0NDc1NzU1OA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-12-14T22:42:10Z", "updated_at": "2020-12-14T22:42:10Z", "author_association": "OWNER", "body": "This may involve a breaking change to the CLI settings interface, so I'm adding this to the 1.0 milestone.", "reactions": "{\"total_count\": 1, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 1, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 764059235, "label": "More flexible CORS support in core, to encourage good security practices"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1143#issuecomment-744756861", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1143", "id": 744756861, "node_id": "MDEyOklzc3VlQ29tbWVudDc0NDc1Njg2MQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-12-14T22:40:28Z", "updated_at": "2020-12-14T22:40:28Z", "author_association": "OWNER", "body": "That's a very convincing argument. I'm keen on making sure Datasette is \"secure by default\" so you're right, encouraging finely grains CORS rules in core rather than leaving that to a plugin sounds like the right call.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 764059235, "label": "More flexible CORS support in core, to encourage good security practices"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1143#issuecomment-744249157", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1143", "id": 744249157, "node_id": "MDEyOklzc3VlQ29tbWVudDc0NDI0OTE1Nw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-12-14T07:53:15Z", "updated_at": "2020-12-14T07:53:15Z", "author_association": "OWNER", "body": "Does this plugin do everything you need? https://github.com/simonw/datasette-cors\r\n\r\nI'm open to arguments as to why this should be in core rather than in a plugin - I'm on the fence about that at the moment.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 764059235, "label": "More flexible CORS support in core, to encourage good security practices"}, "performed_via_github_app": null}