187 :`navigation.related-limit`: |
187 :`navigation.related-limit`: |
188 number of related entities to show up on primary entity view |
188 number of related entities to show up on primary entity view |
189 :`navigation.combobox-limit`: |
189 :`navigation.combobox-limit`: |
190 number of entities unrelated to show up on the drop-down lists of |
190 number of entities unrelated to show up on the drop-down lists of |
191 the sight on an editing entity view |
191 the sight on an editing entity view |
|
192 |
|
193 Cross-Origin Resource Sharing |
|
194 ----------------------------- |
|
195 |
|
196 CubicWeb provides some support for the CORS_ protocol. For now, the |
|
197 provided implementation only deals with access to a CubicWeb instance |
|
198 as a whole. Support for a finer granularity may be considered in the |
|
199 future. |
|
200 |
|
201 Specificities of the provided implementation: |
|
202 |
|
203 - ``Access-Control-Allow-Credentials`` is always true |
|
204 - ``Access-Control-Allow-Origin`` header in response will never be |
|
205 ``*`` |
|
206 - ``Access-Control-Expose-Headers`` can be configured globally (see below) |
|
207 - ``Access-Control-Max-Age`` can be configured globally (see below) |
|
208 - ``Access-Control-Allow-Methods`` can be configured globally (see below) |
|
209 - ``Access-Control-Allow-Headers`` can be configured globally (see below) |
|
210 |
|
211 |
|
212 A few parameters can be set to configure the CORS_ capabilities of CubicWeb. |
|
213 |
|
214 .. _CORS: http://www.w3.org/TR/cors/ |
|
215 |
|
216 :`access-control-allow-origin`: |
|
217 comma-separated list of allowed origin domains or "*" for any domain |
|
218 :`access-control-allow-methods`: |
|
219 comma-separated list of allowed HTTP methods |
|
220 :`access-control-max-age`: |
|
221 maximum age of cross-origin resource sharing (in seconds) |
|
222 :`access-control-allow-headers`: |
|
223 comma-separated list of allowed HTTP custom headers (used in simple requests) |
|
224 :`access-control-expose-headers`: |
|
225 comma-separated list of allowed HTTP custom headers (used in preflight requests) |
|
226 |