4q1zeNUEtPFS7XbioPYYzM changeset

Changeset396437386130 (b)
Parent303931386635 (a)
ab
4848
4949work flow :
5050
...
51-is the 'origins' section empty in ini ?
51+for /db resources, including system dbs, use the db _security object
51+for all other resources (e.g. /_uuids), use the ini configuration
51+is the 'origins' section empty or non-existant ?
...
5252yes -> is admin party set ?
5353  yes -> return "*" , credentials false (with a good caching policy)
5454  no -> stop
...
5959      is Origin in 'origins[Host]' ?
6060      yes ->
6161        set the cors headers based on 'origins[Host]'
...
62-        are we on a db resource ?
62-          yes ->
62-            repeat 'apply cors steps' with the db _security object instead of the .ini
62-          no ->
62-            succeed
...
6767      no -> fail
6868    no ->
6969      <bikeshed defaults>
...
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
--- Revision 303931386635
+++ Revision 396437386130
@@ -49,7 +49,9 @@
 
 work flow : 
 
-is the 'origins' section empty in ini ?
+for /db resources, including system dbs, use the db _security object
+for all other resources (e.g. /_uuids), use the ini configuration
+is the 'origins' section empty or non-existant ?
 yes -> is admin party set ? 
   yes -> return "*" , credentials false (with a good caching policy)
   no -> stop
@@ -60,11 +62,6 @@
       is Origin in 'origins[Host]' ?
       yes ->
         set the cors headers based on 'origins[Host]'
-        are we on a db resource ?
-          yes ->
-            repeat 'apply cors steps' with the db _security object instead of the .ini
-          no ->
-            succeed
       no -> fail 
     no ->
       <bikeshed defaults>