Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open-up cross-origin requests #18

Closed
aramperes opened this issue Jan 27, 2021 · 1 comment
Closed

Open-up cross-origin requests #18

aramperes opened this issue Jan 27, 2021 · 1 comment
Labels
approved use-case
Milestone
v1

Comments

@aramperes
Copy link
Member

aramperes commented Jan 27, 2021
edited
Loading

Use-Case Description

At the moment, the API doesn't allow cross-origin requests because it inherits it from the main website. We should allow cross-origin requests to a certain extent, especially for apps that don't have a backend server.

Semantics

Cross-origin requests shouldn't use the client credentials flow, since that would leak the client secret. The implicit auth flow (#23) might be the easiest, as it shouldn't encumber users too much (clicking a link and clicking Accept).
@aramperes aramperes added this to the v1 milestone Jan 27, 2021
@aramperes aramperes mentioned this issue Jan 27, 2021
Open
@aramperes
Copy link
Member Author

Wildcard cross-origin requests are now enabled for /api/v1beta, and the Authorization header is allowed. Note that internal endpoints are still restricted to wavy.fm.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
approved use-case
Projects
None yet
Milestone
v1
Development

No branches or pull requests
1 participant
@aramperes