[Feature request] CORS in HTTP server to allow users to authorise website access

[monsterer]

I spanned a VPN for my machines and can access all of them via RPC interface ..

What's the difference to COR?

This is about enabling websites to talk with localhost for end users. So end users run the existing GUI client, authorise a website by domain name and then the external website is permitted to communicate with localhost (and therefore the GUI client) in order to place orders and perform other private functions.

This means the external website never has to store private keys which is great for security.

Cheers, Paul.

[xeroc]

I spanned a VPN for my machines and can access all of them via RPC interface ..

What's the difference to COR?

[monsterer]

It would be great if the client supported Cross Origin Resource Sharing so that different web-based front-ends could be created that ran on top of the client.

Obviously there would need to be a way for users to allow a given (set of) domain(s) to access their client as it would otherwise pose a security risk.

The use case is allowing third party website developers to provide slick, exchange like web interfaces which talk directly to the client running on localhost. This would allow the websites to hold no private keys, yet still provide a trading interface.

Cheers, Paul.