-
Notifications
You must be signed in to change notification settings - Fork 84
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Access-Control-Allow-Origin response header #4367
Conversation
My initial assessment that the header can only be added for public bundles is incorrect. It is safe to add the header to all responses, even for private bundles, because of the how requests with credentials work:
|
c2fd071
to
3fa5c2c
Compare
codalab/rest/bundles.py
Outdated
- `Target-Type: file` | ||
- `X-CodaLab-Target-Size: <size of the target>` | ||
|
||
HTTP Response headers (for directories): | ||
- `Content-Disposition: attachment; filename=<bundle or directory name>.tar.gz` | ||
- `Content-Type: application/gzip` | ||
- `Content-Encoding: identity` | ||
- `Access-Control-Allow-Origin: *` (only sent if the bundle is public) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please update this documentation to remove the "only sent if the bundle is public" part
b22a3d1
to
6f19898
Compare
fa74ec4
to
d4d3a3d
Compare
Reasons for making this change
This allows websites not hosted CodaLab to make
XMLHttpRequests
to fetch files from CodaLab bundles.Related issues
Addresses #4365
Checklist