You are viewing a plain text version of this content. The canonical link for it is here.

Posted to infrastructure-issues@apache.org by "Marc Guillemot (JIRA)" <ji...@apache.org> on 2010/07/15 11:27:51 UTC

[jira] Created: (INFRA-2877) Add header Access-Control-Allow-Origin: * to http://www.apache.org/dist/'

Add header Access-Control-Allow-Origin: * to http://www.apache.org/dist/'
-------------------------------------------------------------------------

                 Key: INFRA-2877
                 URL: https://issues.apache.org/jira/browse/INFRA-2877
             Project: Infrastructure
          Issue Type: Improvement
      Security Level: public (Regular issues)
          Components: Dists
            Reporter: Marc Guillemot


It would be great if (html) responses to pages from http://www.apache.org/dist/ (and deeper) could be served with the header:

Access-Control-Allow-Origin: *

I want to check per XMLHttpRequest if my web application uses the latest available version of different libraries. Cross side requests are subject to restrictions and this header tell that XMLHttpRequests are allowed to read the content (see [1] for a good explanation). I don't see any reason for the ASF not to allow access to these pages from XMLHttpRequest. In fact perhaps should all apache.org pages be returned with this headers (when Origin request header is set).

[1] https://developer.mozilla.org/En/HTTP_Access_Control

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Assigned: (INFRA-2877) Add header Access-Control-Allow-Origin: * to http://www.apache.org/dist/'

Posted by "Tony Stevenson (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/INFRA-2877?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tony Stevenson reassigned INFRA-2877:
-------------------------------------

    Assignee: Tony Stevenson

> Add header Access-Control-Allow-Origin: * to http://www.apache.org/dist/'
> -------------------------------------------------------------------------
>
>                 Key: INFRA-2877
>                 URL: https://issues.apache.org/jira/browse/INFRA-2877
>             Project: Infrastructure
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: Dists
>            Reporter: Marc Guillemot
>            Assignee: Tony Stevenson
>
> It would be great if (html) responses to pages from http://www.apache.org/dist/ (and deeper) could be served with the header:
> Access-Control-Allow-Origin: *
> I want to check per XMLHttpRequest if my web application uses the latest available version of different libraries. Cross side requests are subject to restrictions and this header tell that XMLHttpRequests are allowed to read the content (see [1] for a good explanation). I don't see any reason for the ASF not to allow access to these pages from XMLHttpRequest. In fact perhaps should all apache.org pages be returned with this headers (when Origin request header is set).
> [1] https://developer.mozilla.org/En/HTTP_Access_Control

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (INFRA-2877) Add header Access-Control-Allow-Origin: * to http://www.apache.org/dist/'

Posted by "Tony Stevenson (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/INFRA-2877?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tony Stevenson closed INFRA-2877.
---------------------------------

    Resolution: Fixed

I have added this,  however it will be removed just as quickly should we find it has any adverse effects on the service. 

Committed revision 778032.

HTTP/1.1 200 OK
Date: Thu, 21 Oct 2010 00:45:52 GMT
Server: Apache/2.3.8 (Unix) mod_ssl/2.3.8 OpenSSL/1.0.0a
Vary: Accept-Encoding
Cache-Control: max-age=86400
Expires: Fri, 22 Oct 2010 00:45:52 GMT
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Content-Type: text/html;charset=ISO-8859-1

Changes applied to both the US and EU mirrors.

> Add header Access-Control-Allow-Origin: * to http://www.apache.org/dist/'
> -------------------------------------------------------------------------
>
>                 Key: INFRA-2877
>                 URL: https://issues.apache.org/jira/browse/INFRA-2877
>             Project: Infrastructure
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: Dists
>            Reporter: Marc Guillemot
>            Assignee: Tony Stevenson
>
> It would be great if (html) responses to pages from http://www.apache.org/dist/ (and deeper) could be served with the header:
> Access-Control-Allow-Origin: *
> I want to check per XMLHttpRequest if my web application uses the latest available version of different libraries. Cross side requests are subject to restrictions and this header tell that XMLHttpRequests are allowed to read the content (see [1] for a good explanation). I don't see any reason for the ASF not to allow access to these pages from XMLHttpRequest. In fact perhaps should all apache.org pages be returned with this headers (when Origin request header is set).
> [1] https://developer.mozilla.org/En/HTTP_Access_Control

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.