[whatwg/fetch] Allowing user provided CORS exceptions? (#644)

Hi all,

not sure if this is the right place for such a discussion, but as we have not participated in any web/w3/js standards discussion before, please give me the benefit of the doubt :)

Our company does a lot of integrations of services, often browser-based. Let me give a simple example:
Jira for Outlook - this tool basically lets you create Jira issues (naively comparable to GitHub issues) from your e-mail client. As the Outlook add-ins are [iFrame based scripts](https://docs.microsoft.com/en-us/outlook/add-ins/) we are usually bound to all security considerations of normal web pages. So we now have a problem when we are integrating with services that do not support CORS, like Jira or systems we don't have control over.

Jira for example exposes a perfectly fine JSON based REST-Api, which we unfortunately cannot access directly because there is no CORS support. I would argue that there are a lot of legacy systems or systems you don't have access to, but it would make perfect sense to connect to them, from an integration standpoint. The problem is: What we currently do is proxying the request, including passing user credentials (though token based, thankfully, a trust issue nevertheless):

Outlook iFrame <---------> Our server <------> Jira REST Api

What I would like to discuss: Would it be possible to consider asking the user for permission, something which is already done for:
- Location Requests
- USB Devices Requests

![image](https://user-images.githubusercontent.com/2111803/33828125-22bf4d02-de6b-11e7-89a2-8e71ed8555f6.png)

But instead like: The site would like to access the following URL: https://jira.mycompany.com
It would make integrations like we do much easier and also safer, considering that web apps are becoming more popular each day.

Looking forward to your thoughts!

Kind regards
Tobi



-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/644

Received on Monday, 11 December 2017 11:07:08 UTC