-
Type:
Sub-task
-
Status: Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: V4.0_WD01
-
Fix Version/s: CN01
-
Component/s: Implementing OData
-
Labels:None
When a client application is written in any of java script technologies like AngularJS, JQuery they use XMLHttpRequest. If they are doing a cross domain call to a OData service, they will be subjected to CORS, especially when any authentication is defined on the OData service.
A good write up CORS can be found here https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
Should OData as specification, recommend this to implemented on OData based services or leave it up to the service developer as implementation detail.
From 2017-1-12:
1) There is nothing specific to OData on CORS support
2) This would be good to put in the Implementing OData whitepaper
3) If we add a section on OPTIONS, as per OData-854, this would be a good place to call out CORS. Otherwise the most we could do would be a note in Protocol that just says services should be aware that they may need to support CORS, but that OData doesn't have any specific requirements on CORS over any standard REST service.