issues: 440437037
This data as json
| id | node_id | number | title | user | state | locked | assignee | milestone | comments | created_at | updated_at | closed_at | author_association | pull_request | body | repo | type | active_lock_reason | performed_via_github_app | reactions | draft | state_reason |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 440437037 | MDU6SXNzdWU0NDA0MzcwMzc= | 454 | Plugin for allowing CORS from specified hosts | 9599 | closed | 0 | 9599 | 5 | 2019-05-05T12:05:02Z | 2019-10-03T23:59:57Z | 2019-10-03T23:59:56Z | OWNER | It would be useful if Datasette could be configured to allow CORS requests from one or more origins, as opposed to only allowing either none or `"*"`. This is slightly tricky because the `Access-Control-Allow-Origin: https://foo.example` header is only allowed to return one value per request - and according to https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS "The Access-Control-Allow-Origin header should contain the value that was sent in the request's Origin header." This means the application code needs to have a whitelist of allowed hosts and code that dynamically changes the outgoing `Access-Control-Allow-Origin` header based on the `Origin` header from the incoming request. | 107914493 | issue | {"url": "https://api.github.com/repos/simonw/datasette/issues/454/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | completed |