Skip to content

gateway: add CORS to specs #423

New issue
New issue
Open
Open
gateway: add CORS to specs#423
Labels
P1High: Likely tackled by core team if no one steps updif/expertExtensive knowledge (implications, ramifications) requiredeffort/daysEstimated to take multiple days, but less than a weekkind/maintenanceWork required to avoid breaking changes or harm to project's status quo
@lidel

Description

@lidel
lidel
opened on Jun 26, 2023

Currently, gateway specs leave CORS to implementers, but various things will not work on public gateways (path, subdomain, and trustless) unless relaxed CORS is set, like we do in boxo/gateway.

### Tasks
- [ ] add https://specs.ipfs.tech/http-gateways/cors -  a standalone spec documenting CORS behavior on different gateway types and use cases. 
- [ ] make existing path gateway, subdomain gateway (mention caveat from https://github.com/ipfs/kubo/issues/9983#issuecomment-1599673976), trustless, dnslink refer the cors spec + describe only own delta
- [ ] make existing routing/v1 specs refer to it as well
- [ ] resolve open question about Cache-Control (https://github.com/ipfs/specs/issues/400)
- [ ] make sure it covers CORS, `Vary: Origin`, and HTTP Caching ramifications identified in https://github.com/ipshipyard/waterworks-community/issues/7

Metadata

Metadata

Assignees

No one assigned

    Labels

    P1High: Likely tackled by core team if no one steps updif/expertExtensive knowledge (implications, ramifications) requiredeffort/daysEstimated to take multiple days, but less than a weekkind/maintenanceWork required to avoid breaking changes or harm to project's status quo

    Type

    No type

    Projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions