Hi all, There has been a bit of discussion surrounding cross-origin resource sharing in Mesos and we would like to float a design doc to delineate/collect thoughts from the community and propose an implementation.
For a bit of context: From the master WebUI we construct agent resource requests with a jsonp parameter to wrap returned resources in a callback to work around browser same-origin access controls. There are security concerns with this approach, one such example is cited in the doc, and there is a consensus that jsonp should be removed from the Mesos codebase. Implementing CORS support is a step in that direction. Here’s a link to the doc: https://docs.google.com/document/d/1a6xaljM2yjtteyQ3zz1hmjLcCUOZ_YUHDNzrRm6gOh0/edit?usp=sharing Thanks and comments welcome! - Jacob Janco
