[DAS] Cross-origin resource sharing and DAS

Andy Jenkinson andy.jenkinson at ebi.ac.uk
Tue Sep 15 14:57:42 UTC 2009 

Thinking ahead a little bit, the potential benefit of formally  
adopting this in DAS is huge - beyond the current set of simple GET  
requests, it actually makes authenticated cross site requests such as  
for writeback work, which at the moment will be very difficult to make  
work.

I was wondering if we should just add a requirement to handle this to  
the DAS spec, with an example of course. It's very simple to implement  
and we could potentially dodge a big bullet by making all 1.6+ servers  
do it now. By the time it's supported in all browsers we could have a  
large proportion of DAS servers supporting it.

Cheers,
Andy

> Just to add, the latest trunk version of ProServer also does this.
>
> On 15 Sep 2009, at 12:46, Thomas Down wrote:
>
>> DAS server developers might be interested to take a look at the W3C/ 
>> WHATWG
>> cross-origin resource sharing stuff here:
>>
>>              http://dev.w3.org/2006/waf/access-control/
>>
>> There's also a rather more practical description of what this is  
>> good for
>> here:
>>
>>              https://developer.mozilla.org/En/HTTP_access_control
>>
>> My reading of all this is that if you're running a DAS server on a
>> publically-accessible HTTP endpoint, you probably want to send a  
>> header
>> along the lines of:
>>
>>              Access-Control-Allow-Origin: *
>>
>> This is the now the default behaviour in SVN-latest versions of  
>> Dazzle.
>> Note that this doesn't prevent you from securing your DAS servers  
>> (for
>> instance by authenticating clients by password or IP address).  It  
>> does,
>> however, make life an awful lot easier for anyone who might be  
>> interested in
>> fetching DAS data using Javascript code running in a browser.
>>
>>                  Thomas.
>> _______________________________________________
>> DAS mailing list
>> DAS at lists.open-bio.org
>> http://lists.open-bio.org/mailman/listinfo/das
>
> _______________________________________________
> DAS mailing list
> DAS at lists.open-bio.org
> http://lists.open-bio.org/mailman/listinfo/das

More information about the DAS mailing list