Author Topic: [Feature request] CORS in HTTP server to allow users to authorise website access  (Read 3432 times)

0 Members and 1 Guest are viewing this topic.

Offline monsterer

I spanned a VPN for my machines and can access all of them via RPC interface ..

What's the difference to COR?

This is about enabling websites to talk with localhost for end users. So end users run the existing GUI client, authorise a website by domain name and then the external website is permitted to communicate with localhost (and therefore the GUI client) in order to place orders and perform other private functions.

This means the external website never has to store private keys which is great for security.

Cheers, Paul.
My opinions do not represent those of metaexchange unless explicitly stated.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
I spanned a VPN for my machines and can access all of them via RPC interface ..

What's the difference to COR?

Offline monsterer

It would be great if the client supported Cross Origin Resource Sharing so that different web-based front-ends could be created that ran on top of the client.

Obviously there would need to be a way for users to allow a given (set of) domain(s) to access their client as it would otherwise pose a security risk.

The use case is allowing third party website developers to provide slick, exchange like web interfaces which talk directly to the client running on localhost. This would allow the websites to hold no private keys, yet still provide a trading interface.

Cheers, Paul.
« Last Edit: October 14, 2014, 11:03:18 am by monsterer »
My opinions do not represent those of metaexchange unless explicitly stated.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads