wholetrans/docs-matrix-spec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Say that identity services should be nice to web browsers (CORS/OPTIONS)

Browse source
This commit is contained in:
Travis Ralston 2018-08-29 21:01:14 -06:00
parent bbba7dedd6
commit 039cefdbea
1 changed files with 16 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

16
specification/identity_service_api.rst
View file

@ -137,6 +137,22 @@ should allow a 3pid to be mapped to a Matrix user identity, but not in the other
direction (i.e. one should not be able to get all 3pids associated with a Matrix direction (i.e. one should not be able to get all 3pids associated with a Matrix
user ID, or get all 3pids associated with a 3pid). user ID, or get all 3pids associated with a 3pid).
Web browser clients
-------------------
It is realistic to expect that some clients will be written to be run within a web
browser or similar environment. In these cases, the identity service should respond to
pre-flight requests and supply Cross-Origin Resource Sharing (CORS) headers on all
requests.
When a client approaches the server with a pre-flight (OPTIONS) request, the server
should respond with the CORS headers for that route. The recommended CORS headers
to be returned by servers on all requests are::
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Status check Status check
------------ ------------