[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[EP-tech] Question about CORS
- Subject: [EP-tech] Question about CORS
- From: cjg at ecs.soton.ac.uk (Christopher Gutteridge)
- Date: Tue, 22 Aug 2017 14:58:36 +0100
Hi, a bit odd me asking a question but I'm a bit rusty.
We've a request from a (non malicious) third party to allow CORS so they
If there's any way to alter the system via these URLs it's a
cross-site-scripting no-no, and from reviewing the code I *think* that
those URLs are always read-only.
I thought the REST interface was at /rest/ but it looks like there's
another one implemented on /id/
-- uses /rest/
-- uses /id/
I suspect that means that it *is* too dangerous to allow cross site JS
to connect to /id/ which is a pity, but security first, right?
Christopher Gutteridge -- http://users.ecs.soton.ac.uk/cjg
University of Southampton Open Data Service: http://data.southampton.ac.uk/
You should read our Web & Data Innovation blog: http://blogs.ecs.soton.ac.uk/webteam/