CORS issues

Issue

Cross-origin resource sharing (CORS) is a mechanism that allows many resources (e.g. fonts, JavaScript, etc.) on a web page to be requested from another domain outside the domain from which the resource originated (src : Wikipedia).

In the context of a HTML CID client, any interact step operated with the regular web transport imply cross-origin requests. The server must enable CORS requests according to the manifest definition.

Enable CORS request

The server must specify the source location from where it can be loaded. In the CID context, the CID server must accept CORS requests from the client URL. To do this, the server must include a Access-Control-Allow-Origin field in the response header with the URL of the client as value.

Enable POST or PUT HTTP messages

To enable other request than the classic HTTP GET, the CID server must respond to a HTTP OPTION request with Access-Control-Allow-Methods field in the header and GET, POST, PUT as value.

Enable the use of specific header

To enable the use of specific headers between client and server, the CID server must respond to a HTTP OPTION request with Access-Control-Allow-Headers field in the header and the name of the specific headers as value.