You are viewing a plain text version of this content. The canonical link for it is here.

Posted to infrastructure-issues@apache.org by "Tony Stevenson (JIRA)" <ji...@apache.org> on 2010/10/21 02:47:23 UTC

[jira] Closed: (INFRA-2877) Add header Access-Control-Allow-Origin: * to http://www.apache.org/dist/'

     [ https://issues.apache.org/jira/browse/INFRA-2877?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tony Stevenson closed INFRA-2877.
---------------------------------

    Resolution: Fixed

I have added this,  however it will be removed just as quickly should we find it has any adverse effects on the service. 

Committed revision 778032.

HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 00:45:52 GMT
Server: Apache/2.3.8 (Unix) mod_ssl/2.3.8 OpenSSL/1.0.0a
Vary: Accept-Encoding
Cache-Control: max-age=86400
Expires: Fri, 22 Oct 2010 00:45:52 GMT
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1

Changes applied to both the US and EU mirrors.

> Add header Access-Control-Allow-Origin: * to http://www.apache.org/dist/'
> -------------------------------------------------------------------------
>
>                 Key: INFRA-2877
>                 URL: https://issues.apache.org/jira/browse/INFRA-2877
>             Project: Infrastructure
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: Dists
>            Reporter: Marc Guillemot
>            Assignee: Tony Stevenson
>
> It would be great if (html) responses to pages from http://www.apache.org/dist/ (and deeper) could be served with the header:
> Access-Control-Allow-Origin: *
> I want to check per XMLHttpRequest if my web application uses the latest available version of different libraries. Cross side requests are subject to restrictions and this header tell that XMLHttpRequests are allowed to read the content (see [1] for a good explanation). I don't see any reason for the ASF not to allow access to these pages from XMLHttpRequest. In fact perhaps should all apache.org pages be returned with this headers (when Origin request header is set).
> [1] https://developer.mozilla.org/En/HTTP_Access_Control

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.