Hi -
> [...]
> I am not sure what the best way forward is,
> usually I would say, make it all configurable,
> but debuginfod doesn't have a central configuration file.
Marty, we will not need central configuration files where we're going.
> I would not like to add more environment variables.
No
I think Florian is right.
I see a scenario where:
1. someone runs a debuginfod service for closed source software in an
internal network
2. the names for debuginfod server instances are guessable
3. users in corporate networks don't run adblockers
4. the debuginfod defaults change
5
Hi -
> [...]
> I think it will allow public web clients to exfiltrate debuginfo data
> from debuginfod servers on private intranets. Previously, the
> cross-origin restrictions on web content would have prevented that.
Yes, this is the flip side of the CORS default coin. ISTM the
convenience is
* Frank Ch. Eigler:
> Hi -
>
> I'm planning to commit this shortly:
>
> From 4ebefc8f3b4b8fb68a55c960e70122fda50a0fb9 Mon Sep 17 00:00:00 2001
> From: "Frank Ch. Eigler"
> Date: Sat, 7 Dec 2024 15:01:54 -0500
> Subject: [PATCH] debuginfod: add CORS response headers and OPTIONS method
What are th
Hi Henning,
On Fri, Dec 06, 2024 at 01:01:34AM +0100, Henning Meyer wrote:
> it is the Cross-Origin-Resource-Sharing mechanism explained at
> https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
Thanks, this might be a good URL to include in a comment so others
know what the extra headers are t
Hi -
I'm planning to commit this shortly:
>From 4ebefc8f3b4b8fb68a55c960e70122fda50a0fb9 Mon Sep 17 00:00:00 2001
From: "Frank Ch. Eigler"
Date: Sat, 7 Dec 2024 15:01:54 -0500
Subject: [PATCH] debuginfod: add CORS response headers and OPTIONS method
From: Henning Meyer
CORS is the Cross-Origi
Hi Mark,
it is the Cross-Origin-Resource-Sharing mechanism explained at
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS 1. by default
JavaScript code from Website A cannot request arbitrary resources from
website B, these are called cross-origin-requests 2. The browser
performs what
Hi Frank, Hi Henning,
On Wed, 2024-12-04 at 19:40 -0500, Frank Ch. Eigler wrote:
> > This is my first attempt at implementing CORS support in debuginfod.
>
> Looks good to me really; will wait for a glance from others.
So the code looks correct if you want to handle the OPTION command and
add a
Hi -
> This is my first attempt at implementing CORS support in debuginfod.
Looks good to me really; will wait for a glance from others.
> I should probably add or change tests. [...]
I wouldn't overthink it - just add a "-i" to any random curl command
and look for ACAO:*.
I reconfigured the d
