CORS.. authorized origin..??
Hi Guys,
I am a little confused about the state of CORS? We have developed desktop app (www.ideamapper.com) for which one of the editions, the "student edition" offers a built-in client for Zotero and it does work well. On a desktop.
However, we are now creating a web version using WASM and unfortunately, unless CORS is enabled for our domain, we simply cannot offer this interface which is bad. Can I suggest that you add a field in the "Edit Application" page which would allow me to specify the origin that should be returned in the "Access-Control-Allow-Origin:" header so that the data actually makes it to my app? The alternative would be to route all requests through a third party but that doesn't seem to be a good idea.. FYI, you can do a similar thing on the Google API when a client app is created, its called "Authorized JavaScript origin".
Ideally, if all requests required to log into zotero could carry the "Access-Control-Allow-Origin: *" header then it would allow us to authorise directly inside the WASM, rather than outside which makes it difficult..
Thanks,
Andres
I am a little confused about the state of CORS? We have developed desktop app (www.ideamapper.com) for which one of the editions, the "student edition" offers a built-in client for Zotero and it does work well. On a desktop.
However, we are now creating a web version using WASM and unfortunately, unless CORS is enabled for our domain, we simply cannot offer this interface which is bad. Can I suggest that you add a field in the "Edit Application" page which would allow me to specify the origin that should be returned in the "Access-Control-Allow-Origin:" header so that the data actually makes it to my app? The alternative would be to route all requests through a third party but that doesn't seem to be a good idea.. FYI, you can do a similar thing on the Google API when a client app is created, its called "Authorized JavaScript origin".
Ideally, if all requests required to log into zotero could carry the "Access-Control-Allow-Origin: *" header then it would allow us to authorise directly inside the WASM, rather than outside which makes it difficult..
Thanks,
Andres
-
dstillman Zotero TeamPlease post this to zotero-dev — we try to keep technical discussions there. I'm not entirely sure what you're referring to, though, so please clarify exactly what you're trying to do, including example requests. The web API allows CORS from any origin.
This is an old discussion that has not been active in a long time. Before commenting here, you should strongly consider starting a new discussion instead. If you think the content of this discussion is still relevant, you can link to it from your new discussion.
Upgrade Storage