{"html_url": "https://github.com/simonw/datasette/issues/1143#issuecomment-746827083", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1143", "id": 746827083, "node_id": "MDEyOklzc3VlQ29tbWVudDc0NjgyNzA4Mw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-12-16T18:56:07Z", "updated_at": "2020-12-16T18:56:07Z", "author_association": "OWNER", "body": "I think the right way to do this is to support multiple optional `--cors-origin=` pattern values, like you suggested.", "reactions": "{\"total_count\": 2, \"+1\": 1, \"-1\": 0, \"laugh\": 0, \"hooray\": 1, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 764059235, "label": "More flexible CORS support in core, to encourage good security practices"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1143#issuecomment-744757558", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1143", "id": 744757558, "node_id": "MDEyOklzc3VlQ29tbWVudDc0NDc1NzU1OA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-12-14T22:42:10Z", "updated_at": "2020-12-14T22:42:10Z", "author_association": "OWNER", "body": "This may involve a breaking change to the CLI settings interface, so I'm adding this to the 1.0 milestone.", "reactions": "{\"total_count\": 1, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 1, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 764059235, "label": "More flexible CORS support in core, to encourage good security practices"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1143#issuecomment-744756861", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1143", "id": 744756861, "node_id": "MDEyOklzc3VlQ29tbWVudDc0NDc1Njg2MQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-12-14T22:40:28Z", "updated_at": "2020-12-14T22:40:28Z", "author_association": "OWNER", "body": "That's a very convincing argument. I'm keen on making sure Datasette is \"secure by default\" so you're right, encouraging finely grains CORS rules in core rather than leaving that to a plugin sounds like the right call.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 764059235, "label": "More flexible CORS support in core, to encourage good security practices"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/1143#issuecomment-744249157", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1143", "id": 744249157, "node_id": "MDEyOklzc3VlQ29tbWVudDc0NDI0OTE1Nw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-12-14T07:53:15Z", "updated_at": "2020-12-14T07:53:15Z", "author_association": "OWNER", "body": "Does this plugin do everything you need? https://github.com/simonw/datasette-cors\r\n\r\nI'm open to arguments as to why this should be in core rather than in a plugin - I'm on the fence about that at the moment.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 764059235, "label": "More flexible CORS support in core, to encourage good security practices"}, "performed_via_github_app": null}