On Oct 10, 2014 9:12 AM, "Robert Sanderson" <[email protected]> wrote: > > > This: http://enable-cors.org/ > > Or, TL;DR ... add a header to the response: Access-Control-Allow-Origin: * >
If you're using the auth plugin you need to do more than this. You just also allow credentialed requests and allow the X-Annotator-Auth-Token header. However, if you're using the annotator-store flask application it sets these for you. You do not need to do anything with apache. The only exception is that if you do implement authentication, you need to provide a token route, which is not built in to annotator-store (although the functions you need to do so are in the annotator.auth module). Tell us about any questions you have if this is unclear. There is documentation here: http://docs.annotatorjs.org/en/v1.2.x/authentication.html If your token endpoint is on the same origin as the page you're annotating, you don't have to worry about CORS there. If you're trying to use the bookmarklet or some other way are hoping to annotate pages on a different domain, you will need to set appropriate CORS headers for the token route. I'd be happy to assist you further if that's the case.
_______________________________________________ annotator-dev mailing list [email protected] https://lists.okfn.org/mailman/listinfo/annotator-dev Unsubscribe: https://lists.okfn.org/mailman/options/annotator-dev
