Re: [Standards] CORS for XEP-0156: Discovering Alternative XMPP Connection Methods
Hi Jonas, >> I have noticed that XEP-0363: HTTP File Upload was recently updated with >> recommendations that make it possible to use from a web client, notably CORS >> headers. [0] >> >> [0]: https://xmpp.org/extensions/xep-0363.html#impl >> > I think that is a sensible thing to mention in the Implementation Notes. > Would > it be possible that you draft a patch and make a PR on GitHub [1] or send it > via email here or to editor at xmpp.org (make sure to mention the XEP-0156 in > the > subject)? > > Discussing a concrete patch is often easier :-). > Thanks a lot for the suggestion! I agree discussing patches is a lot easier. I don't know the process well and I'd be very glad if you checked the change. The PR is at: https://github.com/xsf/xeps/pull/743 Kind regards, Wiktor -- https://metacode.biz/@wiktor ___ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org ___
Re: [Standards] CORS for XEP-0156: Discovering Alternative XMPP Connection Methods
Hi Wiktor, On Freitag, 4. Januar 2019 11:48:23 CET Wiktor Kwapisiewicz wrote: > Hello, > > I have noticed that XEP-0363: HTTP File Upload was recently updated with > recommendations that make it possible to use from a web client, notably CORS > headers. [0] > > [0]: https://xmpp.org/extensions/xep-0363.html#impl > > I think the similar thing could be added to XEP-0156: Discovering > Alternative XMPP Connection Methods [1]. In this case (because it's only > GET) adding a single "Access-Control-Allow-Origin: *" header would allow > web clients to discover BOSH/WebSocket endpoints. > > [1]: https://xmpp.org/extensions/xep-0156.html#http > > The short summary of what would be changed is: > - recommending "Access-Control-Allow-Origin: *" for /.well-known/host-meta > and /.well-known/host-meta.json > > I don't know if that's the correct place, but depending on the connection > method the endpoints pointed to by host-meta would also need further > headers, e.g. "Access-Control-Allow-Origin: *" for WebSockets and > additionally > Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT" for BOSH. I think that is a sensible thing to mention in the Implementation Notes. Would it be possible that you draft a patch and make a PR on GitHub [1] or send it via email here or to edi...@xmpp.org (make sure to mention the XEP-0156 in the subject)? Discussing a concrete patch is often easier :-). kind regards, Jonas signature.asc Description: This is a digitally signed message part. ___ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org ___
[Standards] CORS for XEP-0156: Discovering Alternative XMPP Connection Methods
Hello, I have noticed that XEP-0363: HTTP File Upload was recently updated with recommendations that make it possible to use from a web client, notably CORS headers. [0] [0]: https://xmpp.org/extensions/xep-0363.html#impl I think the similar thing could be added to XEP-0156: Discovering Alternative XMPP Connection Methods [1]. In this case (because it's only GET) adding a single "Access-Control-Allow-Origin: *" header would allow web clients to discover BOSH/WebSocket endpoints. [1]: https://xmpp.org/extensions/xep-0156.html#http The short summary of what would be changed is: - recommending "Access-Control-Allow-Origin: *" for /.well-known/host-meta and /.well-known/host-meta.json I don't know if that's the correct place, but depending on the connection method the endpoints pointed to by host-meta would also need further headers, e.g. "Access-Control-Allow-Origin: *" for WebSockets and additionally Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT" for BOSH. Kind regards, Wiktor -- https://metacode.biz/@wiktor ___ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org ___
