Implement CORS headers for the API

Request new functionality here
jeena
Bear Rating Trainee
Bear Rating Trainee
Posts: 16
Joined: 24 Apr 2013, 22:01

Implement CORS headers for the API

Postby jeena » 23 Aug 2013, 17:27

Hi,

I am developing a TTRSS client which uses the API on Firefox OS. Sadly the API doesn't implement CORS so I have to jump through loops to get it working because of the same origin policy in JavaScript.

It would be cool if you implement CORS so people could write webbapps/Firefox OS apps which would just use TTRSS as a backend. And it is actually quite easy to do http://enable-cors.org/

/Jeena

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Implement CORS headers for the API

Postby fox » 23 Aug 2013, 17:47

Yes supporting firefox os is very important because

jeena
Bear Rating Trainee
Bear Rating Trainee
Posts: 16
Joined: 24 Apr 2013, 22:01

Re: Implement CORS headers for the API

Postby jeena » 15 Sep 2013, 23:18

I'm not sure if something cut you of in the middle of a sentence or if that was a (rather poor) attempt to be funny.

CORS is not only for Firefox OS but for every webapp out there. It is a wildly supported standard (http://www.w3.org/TR/access-control/) and I see no harm in implementing it other then no time. But if it is too much hassle I will just switch to the ownCloud Feed reader instead, they offer a similar API and they already support CORS https://github.com/owncloud/news/blob/m ... leware.php

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Implement CORS headers for the API

Postby fox » 15 Sep 2013, 23:39

I'm sorry that you don't like my sense of humor and lack of enthusiasm in supporting a toy OS nobody gives a shit about by adding a questionable http header with vague security implications.

>But if it is too much hassle I will just switch to the ownCloud Feed reader instead, they offer a similar API and they already support CORS

Thanks for notifying me of your preferences in rss reading. Do keep in touch if you decide to use something else in the future, everyone here is waiting w/ bated breath, etc.

jeena
Bear Rating Trainee
Bear Rating Trainee
Posts: 16
Joined: 24 Apr 2013, 22:01

Re: Implement CORS headers for the API

Postby jeena » 15 Sep 2013, 23:42

Could you elaborate more about the vague security implications?

Still it is not about Firefox OS, it is about webapps.

User avatar
sleeper_service
Bear Rating Overlord
Bear Rating Overlord
Posts: 884
Joined: 30 Mar 2013, 23:50
Location: Dallas, Texas

Re: Implement CORS headers for the API

Postby sleeper_service » 16 Sep 2013, 00:10


jeena
Bear Rating Trainee
Bear Rating Trainee
Posts: 16
Joined: 24 Apr 2013, 22:01

Re: Implement CORS headers for the API

Postby jeena » 16 Sep 2013, 00:20

Ah good idea, thanks for the suggestion didn't think about that, will try to do that.

Masiosare
Bear Rating Trainee
Bear Rating Trainee
Posts: 22
Joined: 23 May 2013, 01:08

Re: Implement CORS headers for the API

Postby Masiosare » 16 Sep 2013, 02:29

Couldn't this be easily configured in the http server (with mod_headers for example)?

http://httpd.apache.org/docs/2.2/mod/mod_headers.html

jeena
Bear Rating Trainee
Bear Rating Trainee
Posts: 16
Joined: 24 Apr 2013, 22:01

Re: Implement CORS headers for the API

Postby jeena » 16 Sep 2013, 10:08

Yes it could and I have it for my server. But if you are just a normal user who browses a appstore or finds a webapp and wants to try it there is a good chance that you will enable the API in the settings, perhaps even find the CORS plugin and enable it too. But there is no way you go out and learn about CORS headers and how to add them to your Apache conf. You will just find some other software. It is just too much inconvinience, especially if you're on a mobile devise.

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Implement CORS headers for the API

Postby fox » 16 Sep 2013, 10:19

>But if you are just a normal user who browses a appstore or finds a webapp and wants to try it

lol at any of that ever happening

bonus lols for this ~normal user~ not having any problems with the whole tt-rss hosting deployment thing

>You will just find some other software. It is just too much inconvinience, especially if you're on a mobile devise.

Could you please maybe switch to owncloud or whatever already?

jeena
Bear Rating Trainee
Bear Rating Trainee
Posts: 16
Joined: 24 Apr 2013, 22:01

Re: Implement CORS headers for the API

Postby jeena » 16 Sep 2013, 11:50

Funny thing, someone just told me that you, fox, are the Linus Torvalds type of troll. This makes your trolling much easier to handle :).

So no, I'm not switching yet, I will just add the other backends additionally. I've hopped through the loops to make it work even without CORS in my app already anyway. It is not really about me you see, it is about the idea behind webapps living only in the browser without their own backend. The more APIs implement it the easier it gets to write apps like that.

I'm still not sure why you oppose CORS so much. I kind of understand that you found some information about security problems which I didn't find yet, but I have no idea why you don't want to share it with me.

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Implement CORS headers for the API

Postby fox » 16 Sep 2013, 12:06

What I want to share with you is the general desire for you to stop posting here. I wonder how long would it take for you to finally take the hint and take your retarded ideas about firefox web apps or w/e elsewhere.

Your "problem" such as it is is easily solved without any modifications to tt-rss code, and your rationalization re: users browsing web apps is blindingly stupid.

e:

>I'm still not sure why you oppose CORS so much. I kind of understand that you found some information about security problems which I didn't find yet, but I have no idea why you don't want to share it with me.

If you can't immediately figure out why adding "Access-Control-Allow-Origin: *" like the site you linked suggests is a potentially bad idea, you really should not be doing any programming on the web. Just saying.

User avatar
sleeper_service
Bear Rating Overlord
Bear Rating Overlord
Posts: 884
Joined: 30 Mar 2013, 23:50
Location: Dallas, Texas

Re: Implement CORS headers for the API

Postby sleeper_service » 16 Sep 2013, 18:14


charlie-tca
Bear Rating Trainee
Bear Rating Trainee
Posts: 32
Joined: 03 May 2013, 23:04
Contact:

Re: Implement CORS headers for the API

Postby charlie-tca » 16 Sep 2013, 19:00

bear1.jpg
bear1.jpg (80.13 KiB) Viewed 4464 times


Fox doesn't roll over, either.

hrk
Bear Rating Disaster
Bear Rating Disaster
Posts: 75
Joined: 24 Apr 2013, 12:39

Re: Implement CORS headers for the API

Postby hrk » 16 Sep 2013, 19:56



Return to “Feature requests”

Who is online

Users browsing this forum: No registered users and 3 guests