[openstreetmap-website] Allow cross-origin request to API (#138)

Tom Hughes notifications at github.com
Mon Oct 22 09:32:31 GMT 2012

> Yes, this is different than what flash and silverlight do for cross-origin requests. Basically, what happens is the browser preflights any cross-origin request by making an OPTIONS request to the same path, and if it gets an affirmative response, the request is permitted.
> Can we update the apache config so that OPTIONS requests always go to the rails port? Then we wouldn't need any cgimap changes.

We certainly can force OPTIONS through rails but I'd rather not if we can avoid it as we're trying to move API stuff away from rails, not add more to it.

As things stand cgimap only does the map call anyway, so only has to handle GET requests and OPTIONS will not be an issue. It's also perfectly possibly to get apache to do the CORS stuff with mod_header anyway, which we could do for cgimap even if we don't do it for rails.

Handling OPTIONS through apache will need a bit more work but I think it should be possible - just need a way to force apache to send an empty response body. That might just mean creating an empty file and mapping the requests to that...

Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20121022/767a0fcb/attachment.html>

More information about the rails-dev mailing list