[asterisk-dev] Coming changes to ari.conf

Paul Belanger paul.belanger at polybeacon.com
Fri Jul 12 16:13:29 CDT 2013


On 13-07-11 10:39 AM, David M. Lee wrote:
> For anyone playing around with ARI, there's a couple of changes coming up soon that will affect your ari.conf file.
>
> First, I am about to change the user config to be more consistent with the Asterisk way of configuring sections. Now, instead of:
>    [user-admin]
>    password = peekaboo
>
> A user section will be:
>    [admin]
>    type = user
>    password = peekaboo ; not a recommended password
>
> Another change coming soon is Cross-Origin Resource Sharing configuration. If you'd like to learn more about CORS, or have trouble sleeping at night, you can read the spec[1]. It's a protocol that lets you get around the same origin policy in browsers. So far, we've defaulted to allowing all origins. In the next day or two, the default will change to allow no origins. This is configured in the [general] section of ari.conf. Use '*' to allow all origins (not recommended for production).
>
>    [general]
>    allowed_origins = * ; not at all secure, but it works
>
>   [1]: http://www.w3.org/TR/cors/
>
Any chance you an also add the CORS patch to the AMI HTTP interface? 
Right now we run a thin proxy in front of our Asterisk boxes simply for 
this functionality.

-- 
Paul Belanger | PolyBeacon, Inc.
Jabber: paul.belanger at polybeacon.com | IRC: pabelanger (Freenode)
Github: https://github.com/pabelanger | Twitter: 
https://twitter.com/pabelanger



More information about the asterisk-dev mailing list