Enable CORS for adjacent domains

A curated wishlist for GitHub's APIs.


Enable CORS for adjacent domains

Domains such as uploads.github.com, codeland.github.com, pipelines.actions.githubusercontent.com, and GitHubs *.s3.amazonaws.com should have the same CORS settings as api.github.com

Why

Several REST API endpoints are currently unusable for browsers due to the usage of different domains and their CORS settings. The same APIs work on GitHub Enterprise Server where the domain remains the same in most cases.

The adjacent domains would ideally also support the HEAD method, which is currently not the case for pipelines.actions.githubusercontent.com.

Workarounds

There are no possible workarounds due to the browser’s security model.

Use case


back