Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.
For more information and upcoming events around #dominoforever, please visit our Destination Domino Page
Domino Apps might become integrated into more complex, multi-site web applications. For this exists CORS - Cross Origin Resource Sharing.
If CORS is enabled in a web app, a browser might send "preflight" requests to Domino to verify if a certain HTTP method would be allowed (or not). This OPTIONS request seems still not supported in Domino.
The requests come from the browser, not from an app developer.
See https://stackoverflow.com/questions/29478188/domino-cors-and-the-options-request
It's on the work list.
Attachments Open full size
A first step would be to be able to define this within a site document and ensuring that the unauthenticated OPTIONS request is responded nicely (4 headers). A more complete approach would be based as a database configuration that can override a default. This is a key requirement for dominos role in application development when it provides resources to applications requesting these from the browser.
Attachments Open full size
This may be better posted in Domino / Security ?
Attachments Open full size