Simon Willison

I'm inclined to consider [Pydantic](https://pydantic-docs.helpmanual.io/) for this, since it is widely used now and can generate really good error messages.

Did some related research work in this issue: - https://github.com/simonw/shot-scraper/issues/28

# Datasette 1.0 alpha 1 This alpha release is a preview of Datasette 1.0. Datasette 1.0 marks a significant milestone in the project: it is the point from which various...

## Redesigned template context **Warning:** if you use any custom templates with your Datasette instance they are likely to break when you upgrade to 1.0. The template context has been...

Does this plugin do everything you need? https://github.com/simonw/datasette-cors I'm open to arguments as to why this should be in core rather than in a plugin - I'm on the fence...

That's a very convincing argument. I'm keen on making sure Datasette is "secure by default" so you're right, encouraging finely grains CORS rules in core rather than leaving that to...

This may involve a breaking change to the CLI settings interface, so I'm adding this to the 1.0 milestone.

I think the right way to do this is to support multiple optional `--cors-origin=` pattern values, like you suggested.

The way Drupal does this is interesting; https://www.drupal.org/node/2715637 - it supports the following YAML: ```yaml # Configure Cross-Site HTTP requests (CORS). # Read https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS # for more information about the...

- #262 - #782 - #1509