issues: 440437037

This data as json

id node_id number title user state locked assignee milestone comments created_at updated_at closed_at author_association pull_request body repo type active_lock_reason performed_via_github_app reactions draft state_reason
440437037 MDU6SXNzdWU0NDA0MzcwMzc= 454 Plugin for allowing CORS from specified hosts 9599 closed 0 9599   5 2019-05-05T12:05:02Z 2019-10-03T23:59:57Z 2019-10-03T23:59:56Z OWNER  

It would be useful if Datasette could be configured to allow CORS requests from one or more origins, as opposed to only allowing either none or "*".

This is slightly tricky because the Access-Control-Allow-Origin: https://foo.example header is only allowed to return one value per request - and according to https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS "The Access-Control-Allow-Origin header should contain the value that was sent in the request's Origin header."

This means the application code needs to have a whitelist of allowed hosts and code that dynamically changes the outgoing Access-Control-Allow-Origin header based on the Origin header from the incoming request.

 107914493 issue     
{
    "url": "https://api.github.com/repos/simonw/datasette/issues/454/reactions",
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
   completed

Links from other tables