Thinking ahead a little bit, the potential benefit of formally
adopting this in DAS is huge - beyond the current set of simple GET
requests, it actually makes authenticated cross site requests such as
for writeback work, which at the moment will be very difficult to make
work.
I was wondering if we should just add a requirement to handle this to
the DAS spec, with an example of course. It's very simple to implement
and we could potentially dodge a big bullet by making all 1.6+ servers
do it now. By the time it's supported in all browsers we could have a
large proportion of DAS servers supporting it.
Cheers,
Andy
Just to add, the latest trunk version of ProServer also does this.
On 15 Sep 2009, at 12:46, Thomas Down wrote:
DAS server developers might be interested to take a look at the W3C/
WHATWG
cross-origin resource sharing stuff here:
http://dev.w3.org/2006/waf/access-control/
There's also a rather more practical description of what this is
good for
here:
https://developer.mozilla.org/En/HTTP_access_control
My reading of all this is that if you're running a DAS server on a
publically-accessible HTTP endpoint, you probably want to send a
header
along the lines of:
Access-Control-Allow-Origin: *
This is the now the default behaviour in SVN-latest versions of
Dazzle.
Note that this doesn't prevent you from securing your DAS servers
(for
instance by authenticating clients by password or IP address). It
does,
however, make life an awful lot easier for anyone who might be
interested in
fetching DAS data using Javascript code running in a browser.
Thomas.
_______________________________________________
DAS mailing list
[email protected]
http://lists.open-bio.org/mailman/listinfo/das
_______________________________________________
DAS mailing list
[email protected]
http://lists.open-bio.org/mailman/listinfo/das
_______________________________________________
DAS mailing list
[email protected]
http://lists.open-bio.org/mailman/listinfo/das
