[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#974094: openpgpkey.debian.org: CORS header Access-Control-Allow-Origin missing

Package: www.debian.org
Severity: wishlist

Without CORS headers, Keyoxide can't use WKD at

Trying to load https://keyoxide.org/angdraug@debian.org
I get "TypeError: NetworkError when attempting to fetch resource." from the
page with the following message in Firefox Web Console:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the
remote resource at
(Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

A direct request to the URL above succeeds.

The keys served from under /.well-known/openpgpgkey/ are public information,
afaict there are no risks to serving a "Access-Control-Allow-Origin: *" header
in response to all GET requests to that path prefix.

Thank you,
Dmitry Borodaenko

Reply to: