diff --git a/README.md b/README.md index 72795a1b..28912006 100644 --- a/README.md +++ b/README.md @@ -82,7 +82,9 @@ some options: following property, `cors_whitelist` will be read and and the `Origin` header of the request will be checked against that list. If there is a match, the [`Access-Control-Allow-Origin`](http://www.w3.org/TR/cors/#access-control-allow-origin-response-header) will contain that value and the request - should go through. + should go through. The value of this option can also be set to `*`, which will + make info requests publicly available (responses will include + `Access-Control-Allow-Origin=*`) Note that you can also supply a `callback` parameter to requests (e.g. `?callback=myfunct`) to do [JSONP](http://en.wikipedia.org/wiki/JSONP) style diff --git a/loris/webapp.py b/loris/webapp.py index f52b142c..04ec1147 100755 --- a/loris/webapp.py +++ b/loris/webapp.py @@ -352,7 +352,9 @@ def get_info_conneg(self, request, ident): def get_info(self, request, ident): r = LorisResponse() if self.enable_cors and request.headers.get('origin'): - if request.headers['origin'] in self.cors_whitelist: + if self.cors_whitelist[0] == '*': + r.headers['access-control-allow-origin'] = '*' + elif request.headers['origin'] in self.cors_whitelist: r.headers['access-control-allow-origin'] = request.headers['origin'] try: