http://www.html5rocks.com/en/tutorials/cors/ http://www.w3.org/TR/cors/ https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
This is what you look for i think, it's what i've used and offers a lof of info. Op woensdag 13 augustus 2014 20:07:21 UTC+2 schreef Massimo Di Pierro: > > Can you point me to any documentation? > > On Wednesday, 13 August 2014 04:52:00 UTC-5, Remco Boerma wrote: >> >> Thanks Massimo, >> >> Well, with CORS it depends. I used these to get CORS working with at IE11 >> and Chrome (latest) >> >> response.headers['Access-Control-Allow-Origin'] >> response.headers['Access-Control-Allow-Methods'] >> response.headers['Access-Control-Allow-Headers'] >> >> Maybe something more dynamic like >> auth.cas_allowed_headers_on_redirect = ['Acces-Co...',...] >> >> though it would require more tuning and more work and less out of the box >> functionality. >> >> For what i have seen it needs these headers on every contact with the >> requesting browser, since the entire process is done using ajax that means >> all redirects would probably apply. And if not, probably you'll want to >> setup a structure to allow CORS on those redirects anyway. >> If you really need to know which redirects are used in my situation (i >> don't use the form based authentication obviously, so that might save me a >> few redirects) i can debug the lot and see what i can come up with. >> >> With kind regards. >> >> Op woensdag 13 augustus 2014 07:29:43 UTC+2 schreef Massimo Di Pierro: >>> >>> Looking into this but I need your help. We cannot preserve all the >>> headers because some of them may contain sensitive information that should >>> not be sent cross domain (for example session cookies). So the question is, >>> which headers should be preserved by which redirects: >>> >>> There are two redirects in gluon/contrib/login_methods/cas_auth.py >>> >>> There are two redirects in gluon/tools.py in Auth allow_access. >>> >>> Do you know which ones need the headers? Which headers? >>> >>> On Tuesday, 12 August 2014 03:05:27 UTC-5, Remco Boerma wrote: >>>> >>>> Thanks Massimo, >>>> >>>> Concerning https://code.google.com/p/web2py/issues/detail?id=1961&can=1 >>>> >>>> The CAS structure uses redirect() internally. Can you update the call in >>>> the CAS code to send the request.headers? That's why i proposed a change >>>> on all redirect calls. This allows the CAS to be CORS compliant if the >>>> user provides the proper headers on the controller level >>>> >>>> With kind regards. >>>> >>>> Remco >>>> >>>> -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
