Hi Mark,
it is the Cross-Origin-Resource-Sharing mechanism explained at
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS 1. by default
JavaScript code from Website A cannot request arbitrary resources from
website B, these are called cross-origin-requests 2. The browser
performs what is called a preflight check, this the OPTIONS method 3.
the response allows website B fine-grained control over what the web
browser should allow 4. Setting "Access-Control-Allow-Origin: *" tells
the web browser to allow all access, e.g. the same behavior you get with
curl or debuginfod-find The website mentions that the corresponding spec
has been changed, such that preflight requests are no longer necessary,
but in the browsers I use today (Firefox 132 and Chromium 131) they are
still necessary. Regards, Henning
On 05.12.24 15:35, Mark Wielaard wrote:
Hi Frank, Hi Henning,
On Wed, 2024-12-04 at 19:40 -0500, Frank Ch. Eigler wrote:
This is my first attempt at implementing CORS support in debuginfod.
Looks good to me really; will wait for a glance from others.
So the code looks correct if you want to handle the OPTION command and
add a header saying "Access-Control-Allow-Origin: *" to all request
replies.
But I have to admit I have no idea what that means. Could you include
an URL to a quick summary when and why you would add such an header?
Thanks,
Mark
