[DAS] Cross-origin resource sharing and DAS
Thomas Down
thomas.a.down at googlemail.com
Tue Sep 15 11:46:24 UTC 2009
DAS server developers might be interested to take a look at the W3C/WHATWG
cross-origin resource sharing stuff here:
http://dev.w3.org/2006/waf/access-control/
There's also a rather more practical description of what this is good for
here:
https://developer.mozilla.org/En/HTTP_access_control
My reading of all this is that if you're running a DAS server on a
publically-accessible HTTP endpoint, you probably want to send a header
along the lines of:
Access-Control-Allow-Origin: *
This is the now the default behaviour in SVN-latest versions of Dazzle.
Note that this doesn't prevent you from securing your DAS servers (for
instance by authenticating clients by password or IP address). It does,
however, make life an awful lot easier for anyone who might be interested in
fetching DAS data using Javascript code running in a browser.
Thomas.
More information about the DAS
mailing list