[annotator-dev] CORS Issue

Randall Leeds tilgovi at hypothes.is
Fri Oct 10 16:59:35 UTC 2014

tl;dr if you don't have user accounts everything should just work. If
you're trying to have user accounts and use the Auth plugin, you will need
to create a token endpoint and it needs to be CORS enabled with credentials.
On Oct 10, 2014 9:57 AM, "Randall Leeds" <tilgovi at hypothes.is> wrote:

> On Oct 10, 2014 9:12 AM, "Robert Sanderson" <azaroth42 at gmail.com> wrote:
> >
> >
> > This:  http://enable-cors.org/
> >
> > Or, TL;DR ... add a header to the response: Access-Control-Allow-Origin:
> *
> >
> If you're using the auth plugin you need to do more than this.
> You just also allow credentialed requests and allow the
> X-Annotator-Auth-Token header.
> However, if you're using the annotator-store flask application it sets
> these for you. You do not need to do anything with apache.
> The only exception is that if you do implement authentication, you need to
> provide a token route, which is not built in to annotator-store (although
> the functions you need to do so are in the annotator.auth module).
> Tell us about any questions you have if this is unclear.
> There is documentation here:
> http://docs.annotatorjs.org/en/v1.2.x/authentication.html
> If your token endpoint is on the same origin as the page you're
> annotating, you don't have to worry about CORS there.
> If you're trying to use the bookmarklet or some other way are hoping to
> annotate pages on a different domain, you will need to set appropriate CORS
> headers for the token route. I'd be happy to assist you further if that's
> the case.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/annotator-dev/attachments/20141010/ccc6fac6/attachment-0004.html>

More information about the annotator-dev mailing list