Hello, I have noticed that XEP-0363: HTTP File Upload was recently updated with recommendations that make it possible to use from a web client, notably CORS headers. [0]
[0]: https://xmpp.org/extensions/xep-0363.html#impl I think the similar thing could be added to XEP-0156: Discovering Alternative XMPP Connection Methods [1]. In this case (because it's only GET) adding a single "Access-Control-Allow-Origin: *" header would allow web clients to discover BOSH/WebSocket endpoints. [1]: https://xmpp.org/extensions/xep-0156.html#http The short summary of what would be changed is: - recommending "Access-Control-Allow-Origin: *" for /.well-known/host-meta and /.well-known/host-meta.json I don't know if that's the correct place, but depending on the connection method the endpoints pointed to by host-meta would also need further headers, e.g. "Access-Control-Allow-Origin: *" for WebSockets and additionally Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT" for BOSH. Kind regards, Wiktor -- https://metacode.biz/@wiktor _______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org _______________________________________________