Feature Request - CORS headers
Posted: Mon Mar 05, 2012 3:08 pm
Hi,
I am writing a completely custom UI for the BCS using javascript.
One of the problems with using javascript is the restrictions around Same Origin Policy which basically means you can't access the BCS directly from javascript, you need to run a server-side proxy. This limits where the device can be run (needs a web server, which then implies internet access).
Would it be possible to add CORS headers to BCS so that we can directly access the device without the need for a proxy? That would make it easier to use the device without internet access or on mobile devices on a local network. It would be a matter of adding a single response header to each of the APIs allowing all (or a configurable address) direct access like this:
Access-Control-Allow-Origin: http://api.bob.com
Details here: http://www.html5rocks.com/en/tutorials/cors/
I am writing a completely custom UI for the BCS using javascript.
One of the problems with using javascript is the restrictions around Same Origin Policy which basically means you can't access the BCS directly from javascript, you need to run a server-side proxy. This limits where the device can be run (needs a web server, which then implies internet access).
Would it be possible to add CORS headers to BCS so that we can directly access the device without the need for a proxy? That would make it easier to use the device without internet access or on mobile devices on a local network. It would be a matter of adding a single response header to each of the APIs allowing all (or a configurable address) direct access like this:
Access-Control-Allow-Origin: http://api.bob.com
Details here: http://www.html5rocks.com/en/tutorials/cors/