CORS support #6
Comments
|
CORS would be nice, but what would you pass along with these requests in terms of auth creds? This seems like something maybe oc-id might be better suited for. |
|
From discussion of this amongst Team VI: Without CORS support you can never build a single page javascript app that talks directly to the server. A proxy will always be needed, but needing a proxy is silly, b/c the server already talks http. Nathan points out that: With chef-zero right now, I can pop in a console and do jQuery.get("http://localhost:8889/nodes").then(function (nodes) { console.log("woot nodes!", nodes); }); |
|
Further discussion, from Nathan Smith, in response to Chris' question about auth creds: You would need token auth (https://github.com/chef/chef-rfc/blob/master/rfc038-token-authentication.md) to make it useful at all, but token auth would be useless for a browser-based app without CORS. oc-id could be the token provider or maybe not. |
PrajaktaPurohit
added
Status: To be prioritized
tas50
added
Aspect: Security
As a user, I would like Chef server responses to contain Cross Origin Resource Sharing headers so I can use the Chef server with HTTP clients that have a same-origin security policy.
This could be implemented by including some Nginx configuration and attributes in the configuration that could customize that configuration for my Chef server.
Basic support for this is enabled in Chef Zero.
The text was updated successfully, but these errors were encountered: