[Request] CORS between domain and subdomains, and cross-subdomains
[Request] CORS between domain and subdomains, and cross-subdomains
I'm not too studied-up on CORS, but I know what it's there for. Currently there's a number of things that are not possible to do because our generator is on a different subdomain than other generators or iframes, etc. etc. and even the top-level page we're actually on.
With that allowed (I think CORS can allow this), there's a lot more customisation we can do of things like t2i image iframes and gallery iframes, reading/changing the top-level url, etc. Maybe that's something you don't want to allow, but I for one have wanted to do these things for completely benign legit reasons multiple times.
To help me understand, can you give an example of what you're trying to achieve? Note there's perchance.org/super-fetch-plugin which can bypass CORS if you're just trying to fetch a cross-origin resource that doesn't have the appropriate CORS headers.
Stuff like reaching into an iframe and messing about with it. I want to remove the gallery buttons in my plugin pages for example. While yes, you could add that feature, I could do it fairly easily myself I think--if cross-subdomain access was allowed.
Also, an image generator I'm working on takes in url parameters. I wanted to be able to clear them after processing using history.pushState, but as that would reach across into the main perchance.org domain it's disallowed.
I'm not 100% sure it's CORS that would allow this, but I'm sure there's some way of telling the browser it's cool.
- I want to remove the gallery buttons in my plugin pages for example
- that would reach across into the main perchance.org domain it’s disallowed
Allowing general-purpose cross-domain access like this is not possible, since it would allow very easy login credential stealing, and stuff like that, but these particular things that you've mentioned are good suggestions.
RE gallery button: You're talking about the "send to gallery" and the "open gallery" buttons in the menu after clicking the heart button, right? Would something like this work?
promptData prompt = ... hideGalleryButtons = trueI have needed
history.replaceStatebefore myself, but haven't gotten around to properly thinking about it. I think it should be fine to allow a generator to change the query parameters and hash (i.e. everything other than the pathname - since otherwise could 'spoof' other generators/pages). Can you let me know your specific use case to help me triangulate on a good approach here? Do you specifically need pushState? Or will replaceState do? I'm reluctant to add pushState because it can be used ~maliciously - like the spammy sites that effectively hijack your back button to prevent you from leaving the page (or at least, make it require an extra click or two).