Hi Wiktor, On Freitag, 4. Januar 2019 11:48:23 CET Wiktor Kwapisiewicz wrote: > Hello, > > I have noticed that XEP-0363: HTTP File Upload was recently updated with > recommendations that make it possible to use from a web client, notably CORS > headers. [0] > > [0]: https://xmpp.org/extensions/xep-0363.html#impl > > I think the similar thing could be added to XEP-0156: Discovering > Alternative XMPP Connection Methods [1]. In this case (because it's only > GET) adding a single "Access-Control-Allow-Origin: *" header would allow > web clients to discover BOSH/WebSocket endpoints. > > [1]: https://xmpp.org/extensions/xep-0156.html#http > > The short summary of what would be changed is: > - recommending "Access-Control-Allow-Origin: *" for /.well-known/host-meta > and /.well-known/host-meta.json > > I don't know if that's the correct place, but depending on the connection > method the endpoints pointed to by host-meta would also need further > headers, e.g. "Access-Control-Allow-Origin: *" for WebSockets and > additionally > Access-Control-Allow-Methods: OPTIONS, HEAD, GET, PUT" for BOSH.
I think that is a sensible thing to mention in the Implementation Notes. Would it be possible that you draft a patch and make a PR on GitHub [1] or send it via email here or to [email protected] (make sure to mention the XEP-0156 in the subject)? Discussing a concrete patch is often easier :-). kind regards, Jonas
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
