Package: www.debian.org Severity: wishlist Without CORS headers, Keyoxide can't use WKD at https://openpgpkey.debian.org/.well-known/openpgpkey/hu/
Trying to load https://keyoxide.org/angdr...@debian.org I get "TypeError: NetworkError when attempting to fetch resource." from the page with the following message in Firefox Web Console: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://openpgpkey.debian.org/.well-known/openpgpkey/debian.org/hu/9x816kggqo951wj5pxew86uhk4greo7a. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). A direct request to the URL above succeeds. The keys served from under /.well-known/openpgpgkey/ are public information, afaict there are no risks to serving a "Access-Control-Allow-Origin: *" header in response to all GET requests to that path prefix. Thank you, -- Dmitry Borodaenko