Skip to content
This repository has been archived by the owner on Jun 15, 2023. It is now read-only.

Remove CORS restriction #46

Closed
ketankr9 opened this issue Jan 8, 2020 · 4 comments
Closed

Remove CORS restriction #46

ketankr9 opened this issue Jan 8, 2020 · 4 comments

Comments

@ketankr9
Copy link

ketankr9 commented Jan 8, 2020
edited
Loading

Please allow cross site access. Especially to /api/ calls, or else browser based applications like browser-extensions can't work.

This can be achieved by editing server_http.go as demonstrated below.

40.	//api call
41.	if strings.HasPrefix(r.URL.Path, "/api/") {
		w.Header().Set("Access-Control-Allow-Origin", "*")   // add this
		w.Header().Set("Access-Control-Allow-Headers", "authorization") //add this

This will also solve the issue that I am having of not being able to read response using a browser-extension from remote simple-torrent server. ketankr9/cloud-torrent-extension#1 (comment)
@ketankr9 ketankr9 changed the title CORS restriction Remove CORS restriction Jan 8, 2020
boypt added a commit that referenced this issue Jan 9, 2020
@boypt
add CORS allow rule to /api/ reqs, see #46
7279a9c
@boypt
Copy link
Owner

boypt commented Jan 9, 2020

added in v1.2.1

@boypt boypt closed this as completed Jan 9, 2020
@boypt
Copy link
Owner

boypt commented Jan 9, 2020

@ketankr9
Glad to see you have an extension project :)

simpletorrent has an undocumented API that can add magnet to the server too:
http://...address:3000/api/magnet?m=maget:...., it's use by the browser ProtocolHandler service.

other APIs are lately documented here: https://github.com/boypt/simple-torrent/wiki/RestfulAPI

@ketankr9
Copy link
Author

ketankr9 commented Jan 9, 2020

Now the browser-extension is able to read response from the simple-torrent server successfully, but only when auth is disabled.

This is the security imposed by the browser, but the server side change can allow browsers to execute requests with Authorization header.

https://github.com/ketankr9/cloud-torrent-extension/tree/auth
PS: I am not good with CORS.

@boypt
Copy link
Owner

boypt commented Jan 9, 2020

Simple Torrent added a pure REST API endpoint that do not follow the authorization, it's intended to communicate with other programs. I think it suits your usage scenario.

See the --rest-api argument

ketankr9 added a commit to ketankr9/simple-torrent that referenced this issue Jan 10, 2020
@ketankr9
Relaxed CORS restriction from /api/ endpoint, see boypt#46
59c8bb4 
Now cross-site xhr-requests can work inside browser(by scripts or extensions) even if the authentication is enabled.
Tested on an extension which uses /api/ endpoint with authentication feature and solves [https://github.com/ketankr9/cloud-torrent-extension/issues/1#issuecomment-570915569](https://github.com/ketankr9/cloud-torrent-extension/issues/1#issuecomment-570915569)
ketankr9 added a commit to ketankr9/simple-torrent that referenced this issue Jan 10, 2020
@ketankr9
Relaxed CORS restriction from /api/ endpoint, see boypt#46
a55227d 
Now cross-site xhr-requests can work inside browser(by scripts or extensions) even if the authentication is enabled.
Tested on an extension which uses /api/ endpoint with authentication feature and solves [https://github.com/ketankr9/cloud-torrent-extension/issues/1#issuecomment-570915569](https://github.com/ketankr9/cloud-torrent-extension/issues/1#issuecomment-570915569)
Note: CORS only affects webHandle
boypt added a commit that referenced this issue Jul 21, 2021
@boypt
Relaxed CORS restriction from /api/ endpoint, see #46 (#47)
732e936 
Now cross-site xhr-requests can work inside browser(by scripts or extensions) even if the authentication is enabled.
Tested on an extension which uses /api/ endpoint with authentication feature and solves [https://github.com/ketankr9/cloud-torrent-extension/issues/1#issuecomment-570915569](https://github.com/ketankr9/cloud-torrent-extension/issues/1#issuecomment-570915569)
Note: CORS only affects webHandle

Co-authored-by: Preston <1033514+boypt@users.noreply.github.com>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@boypt @ketankr9