Just to add to the context.

Right now our stack is a MEAN stack
{mongo}
{express/restify} <—api
{express} <— web-app (with all of the api duplicated route definitions)
{angular} <— web-app

Now I’m working on doing this:
[mongo]
[restify] <— api
[angular] <— webapp

Our api hasn’t changed, it is still api.mydomain.co

Our current apps don’t do any preflights because they call the expressjs server that served them, then the expressjs server calls the api, gets the results, and sends back the results to angular.

That can be done and it will remove the pre-flight at the cost of having duplicated http calls (GET /users => web-server => GET /users => api).

Where are the security concerns? the brilliant implementations and definition of what CORS call should be?

There is no way to avoid duplicating http calls? opening sockets and all that? I either have a duplicate call on the server that served the angular-app or in the browser (on a smaller scale because there is no payload) with the OPTIONS and GET/POST/DEL calls.

This is silly.

Franky Diaz-Trepat
Full Stack Engineer
+1 (720) 295-0592 / 401-1276
skype: franky.diaz.trepat
fra...@continu.co

> On Jun 12, 2015, at 3:42 AM, Franky Diaz-Trepat <fra...@continu.co> wrote:
>
> I don’t think so. They are subordinates of the same domain.
>
> Domain names are organized in subordinate levels (subdomains) of the DNS root
> <https://en.wikipedia.org/wiki/DNS_root> domain, which is nameless.
>
> Then com. then mydomain then subordinates to mydomain like app api app2 these
> are all subordinates within my organization.
>
> Never mind that now. The concept of CORS is heavily pointed towards having
> one site like app.domain.co ask RESTRICTED resources
> from another domain like js.yahoo.com.
>
> The fact that only Chrome and Firefox, and in Firefox you can whitelist
> sub-domains might also be something worth noting in this discussion.
>
> Franky Diaz-Trepat
> Full Stack Engineer
> +1 (720) 295-0592 / 401-1276
> skype: franky.diaz.trepat
> fra...@continu.co
>
>> On Jun 11, 2015, at 10:09 PM, John Maxwell <j...@jmaxhome.com> wrote:
>>
>> On 06/11/2015 09:30:28 PM, Franky Diaz-Trepat wrote:
>>> I don’t understand how app.mydomain.com and api.mydomain.com
>>> 1-A restricted resource
>>> 2- ANOTHER DOMAIN
>>
>> Can't help with most of your questions, but I'd like to point out that
>> "app.mydomain.com" and "api.mydomain.com" are indeed separate domains.
>> The fact that they're both sub-domains of the domain "mydomain.com"
>> doesn't change that. So there's that much of your problem.
>>
>> -John
>>
>> --
>> John Maxwell KB3VLL j...@jmaxhome.com
>>
>> For those who like this sort of thing, this is the sort of thing they
>> like.
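
Added example, not part of the thread and not written by its participants: a sketch of the origin comparison behind the preflight discussed above, and of an API-side CORS decision that allows one exact origin and lets the browser cache the preflight result. The hostnames are the thread's placeholders; the allowlist, the allowed methods and headers, the `Access-Control-Max-Age` value and the function names are assumptions.

```javascript
// Added example. Hostnames are the thread's placeholders; the allowlist,
// allowed methods/headers and max-age are assumptions.
const ALLOWED_ORIGINS = new Set(["https://app.mydomain.co"]);
const ALLOWED_METHODS = ["GET", "POST", "DELETE"];
const ALLOWED_HEADERS = ["content-type", "authorization"];
const PREFLIGHT_MAX_AGE = 600; // seconds the browser may cache a preflight result

// An origin is (scheme, host, port); sibling subdomains differ in host.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Decide the CORS part of the API's response. reqHeaders uses lower-case keys.
// status === null means "not a preflight, let the route handler answer".
function corsDecision(method, reqHeaders) {
  const origin = reqHeaders["origin"];
  const isPreflight = method === "OPTIONS" &&
    "access-control-request-method" in reqHeaders;
  const base = { Vary: "Origin" }; // caches must key on Origin

  // Exact match only: no suffix or regex test on the Origin header.
  if (!ALLOWED_ORIGINS.has(origin)) {
    return { status: isPreflight ? 403 : null, headers: base };
  }
  const headers = { ...base, "Access-Control-Allow-Origin": origin };
  if (!isPreflight) return { status: null, headers };

  const wantedMethod = reqHeaders["access-control-request-method"];
  const wantedHeaders = (reqHeaders["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  const ok = ALLOWED_METHODS.includes(wantedMethod) &&
    wantedHeaders.every((h) => ALLOWED_HEADERS.includes(h));
  if (!ok) return { status: 403, headers: base };

  return {
    status: 204,
    headers: {
      ...headers,
      "Access-Control-Allow-Methods": ALLOWED_METHODS.join(", "),
      "Access-Control-Allow-Headers": ALLOWED_HEADERS.join(", "),
      "Access-Control-Max-Age": String(PREFLIGHT_MAX_AGE),
    },
  };
}
```

Browsers cap the cache lifetime they honour for `Access-Control-Max-Age`, so the value only sets an upper bound on how often the OPTIONS request repeats.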