Hi, I am working on a DWARF parser and visualizer as a web app, and I noticed that debuginfod cannot be used from web applications: The browser's security model prevents XmlHttpRequests to foreign servers from JavaScript unless the server advertises that it is okay to do so, following the CORS protocol.
debuginfod currently does not do that, it does not respond to OPTIONS method and it does not send the |Access-Control-Allow-Origin header. I don't think there are any security downsides to enabling this optionally or by default in debuginfod. I might be the only one who would use that feature at the moment, but I think the success of Compiler Explorer shows that work that was previously only done via the command line might find success on the web if given a nice enough UI. Technically, users that need this functionality can add it via a proxy, but as debuginfod can itself forward HTTP requests to other servers I think it would be neat if it had this functionality out of the box. Would you be open to add this or accept patches to enable this? Regards, Henning |
