Datasette plugin for configuring CORS headers, based on https://github.com/simonw/asgi-cors
You can use this plugin to allow JavaScript running on a whitelisted set of domains to make fetch() calls to the JSON API provided by your Datasette instance.
pip install datasette-cors
You need to add some configuration to your Datasette metadata.json file for this plugin to take effect.
To whitelist specific domains, use this:
{
"plugins": {
"datasette-cors": {
"hosts": ["https://www.example.com"]
}
}
}You can also whitelist patterns like this:
{
"plugins": {
"datasette-cors": {
"host_wildcards": ["https://*.example.com"]
}
}
}To test this plugin out, run it locally by saving one of the above examples as metadata.json and running this:
$ datasette --memory -m metadata.json
Now visit https://www.example.com/ in your browser, open the browser developer console and paste in the following:
fetch("http://127.0.0.1:8001/:memory:.json?sql=select+sqlite_version%28%29").then(r => r.json()).then(console.log)If the plugin is running correctly, you will see the JSON response output to the console.