[DAS] Cross-origin resource sharing and DAS
Andy Jenkinson
andy.jenkinson at ebi.ac.uk
Tue Sep 15 13:35:24 UTC 2009
Just to add, the latest trunk version of ProServer also does this.
On 15 Sep 2009, at 12:46, Thomas Down wrote:
> DAS server developers might be interested to take a look at the W3C/
> WHATWG
> cross-origin resource sharing stuff here:
>
> http://dev.w3.org/2006/waf/access-control/
>
> There's also a rather more practical description of what this is
> good for
> here:
>
> https://developer.mozilla.org/En/HTTP_access_control
>
> My reading of all this is that if you're running a DAS server on a
> publically-accessible HTTP endpoint, you probably want to send a
> header
> along the lines of:
>
> Access-Control-Allow-Origin: *
>
> This is the now the default behaviour in SVN-latest versions of
> Dazzle.
> Note that this doesn't prevent you from securing your DAS servers (for
> instance by authenticating clients by password or IP address). It
> does,
> however, make life an awful lot easier for anyone who might be
> interested in
> fetching DAS data using Javascript code running in a browser.
>
> Thomas.
> _______________________________________________
> DAS mailing list
> DAS at lists.open-bio.org
> http://lists.open-bio.org/mailman/listinfo/das
More information about the DAS
mailing list