W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2010

[cors] Response header whitelist requires changing the API

From: Jaka Jančar <jaka@kubje.org>
Date: Tue, 9 Mar 2010 21:21:37 +0100
Message-ID: <6ed3a361003091221s63225482mb5dd42d4762d1f34@mail.gmail.com>
To: public-webapps@w3.org

Our server has a REST-ful API, where creating a user is done by
POST-ing to /users. The response contains a Location header pointing
to the newly-created resource, such as "Location: /users/15".

Since reading the Location header is not possible for cross-origin
requests, we must change the API to return this information somewhere
in the body.

I'm not sure if this is against the Requirement #15:

> Cross-origin requests should not require API changes other than allowing cross-origin requests. This means that the following examples should work for resources residing on http://test.example (modulo changes to the respective specifications to allow cross-origin requests): [...]

Anyway, a way of specifying which headers the client is allowed to
read, or some other solution, would be nice.

Received on Wednesday, 10 March 2010 09:19:58 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:13:05 UTC