Hi -
On Thu, Jun 05, 2014 at 05:25:03AM -0400, Nathan Scott wrote:
> [...]
> ----- Original Message -----
> > Our client application is running on a different instance than the one
> > serving PCP. That means for all JavaScript API requests to PCP server we
> > need to include an extra header in order for our browser client to accept
> > the response:
> >
> > Access-Control-Allow-Origin: *
> >
> > This is fairly standard on any API that is meant to be used by external
> > clients.
> > [...]
Thanks Nathan for prototyping something far more flexible than called for
this by request. aather, mspier, et al., I'd like to hear your opinions
about whether the extra configurability is needed or helpful, or whether
simply hard-coding "A-C-A-O: *" is sufficient for forseeable purposes.
(For example, the caching pragmas in nathans' sample may be positively
counterproductive: pmwebd may be in a position to know that some data
(metadata, help texts, historical archived metrics) are not going to
change, and therefore would prefer to encourage clients to cache those
but not live data.)
- FChE
|