CORS preflight for .well-known/webfinger

Hello =)

I’m implementing a custom nextcloud app with an API available via CORS. As a final step I created an IHandler to return a JrdResponse. The idea is to enable a webapp (hosted anywhere) to discover the service provided via the nextcloud app via webfinger. Unfortunately it appears that it’s not possible to enable CORS-headers for CORS preflight requests to .well-known/webfinger within an app’s scope. (I would rather avoid modifying the webserver configuration as this would not be compatible with every installation scenario). Could I be missing something or is this genuinely not supported?

Hello and sorry for the late answer.

I tried do find a good solution for you but failed. Thus, I asked one of the server devs. There was no positive result: it seems that NC does handle the use of CORS rather minimally and focus on direct interaction of the server with the user (via browser or app).

The problem with CORS is present as well within other contexts, normal controller methods need to enable CORS explicitly. Most app devs do not consider CORS, as it works on the browser out of the box as no CORS is needed on the web frontend.

I am sorry