{"id": 440437037, "node_id": "MDU6SXNzdWU0NDA0MzcwMzc=", "number": 454, "title": "Plugin for allowing CORS from specified hosts", "user": {"value": 9599, "label": "simonw"}, "state": "closed", "locked": 0, "assignee": {"value": 9599, "label": "simonw"}, "milestone": null, "comments": 5, "created_at": "2019-05-05T12:05:02Z", "updated_at": "2019-10-03T23:59:57Z", "closed_at": "2019-10-03T23:59:56Z", "author_association": "OWNER", "pull_request": null, "body": "It would be useful if Datasette could be configured to allow CORS requests from one or more origins, as opposed to only allowing either none or `\"*\"`.\r\n\r\nThis is slightly tricky because the `Access-Control-Allow-Origin: https://foo.example` header is only allowed to return one value per request - and according to https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS \"The Access-Control-Allow-Origin header should contain the value that was sent in the request's Origin header.\"\r\n\r\nThis means the application code needs to have a whitelist of allowed hosts and code that dynamically changes the outgoing `Access-Control-Allow-Origin` header based on the `Origin` header from the incoming request.", "repo": {"value": 107914493, "label": "datasette"}, "type": "issue", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/454/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": null, "state_reason": "completed"}