Hello all!

I would like to start using Squeak as the glue that connects different applications on my machine(s). I've decided that the best way to do this without having to deal with too much Unixy mambo-jumbo is to build little web apis and have the servers run in Squeak. That said, I've run into a problem: WebServer currently has no way to configure itself for CORS. Usually this wouldn't be an issue -- I could add the appropriate headers on my Response objects as needed manually. However, WebServer opaquely handles certain requests itself, specifically the OPTIONS request, which is used as a preflight fetch.

 

A clear example of a use case is the one I'm building now: a bookmarklet that saves some info about the current page I'm on, and then sends that info to my little Squeak mini web server locally on the same machine. This ends up being a cross-origin request, however, and as it stands WebServer cannot deal with it (throws a CORS error on the client side).

 

So, two questions. First: has anyone already dealt with this and am I missing some simple technique/package? Second: if not, what do we think is the best move here? Should we create something like a CrossOriginPolicy object, have a default instance present on WebServer that does what it currently does (which is nothing), but make it configurable? If the latter seems reasonable then I can take it on.

Thanks!