CORS requests not working in SKS 1.1.5
Tankred Hase
mail at tankredhase.de
Thu Dec 10 07:28:34 CET 2015
Hey,
Tankred from OpenPGP.js / Whiteout.io here. I’m currently testing HTTP CORS request to SKS via JS in the browser after having read the announcement on v1.1.5 (https://lists.gnupg.org/pipermail/gnupg-users/2014-May/049682.html). Unfortunately I’m getting a 502 (Bad Gateway) response. Upon further analysis I saw that only the following header is set:
The Access-Control-Allow-Origin: *
Tested using: https://keyserver.ubuntu.com/pks/lookup?op=get&options=mr&search=safewithme.testuser%40gmail.com
This is indeed a requirement for CORS requests, but not sufficient. Without the following headers, CORS requests from the Browser will fail as an OPTIONS preflight check is required:
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
'Access-Control-Allow-Headers‘: Content-Type
You can test how it should look here: https://keys.whiteout.io/safewithme.testuser@gmail.com
Would it be possible to add the headers? It would allow me the remove the need for our proprietary key server proxy and send requests directly to SKS server from the web. Thanks!
Tankred
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: </pipermail/attachments/20151210/99d14b17/attachment.sig>
More information about the Gnupg-users
mailing list