Bypass CORS in development by proxying Origin headers correctly #82

Closed

@masylum masylum commented Sep 22, 2015

🎩 What? Why?

go-ipfs does some kind of poor man's CORS by checking the Origin header.
The current web-ui dev build correctly adds the Referer header but not the Origin one.

How to test

Adding files in development shouldn't return 403 anymore.


@jbenet jbenet added the status/deferred Conscious decision to pause or backlog label Sep 22, 2015
@masylum masylum force-pushed the feature/bypass-cors-in-developement branch from 0ae8341 to 681c3ca Compare September 22, 2015 07:37
@jbenet
Member

jbenet commented Sep 23, 2015

> Current dev build adds correctly referer header but not the origin one.

Is this the current go-ipfs build? (@rht could you fix this?)

@jbenet
Member

jbenet commented Sep 23, 2015

@diasdavid @dignifiedquire mind CRing this?

@masylum
Author

masylum commented Sep 23, 2015

This is against: ipfs version 0.3.8-dev

@dignifiedquire
Member

lgtm.

@jbenet any idea how I can pull this into electron-app to test if this solves the issue I was having there?

@daviddias
Member

If I understand correctly, this is a fix for only when we run a webui in test mode (from a local webserver) and not from IPFS, right? We can't fake origin header when running from a browser and with no proxy available.

@masylum
Author

masylum commented Sep 26, 2015

This is only for the development environment. go-ipfs is trying to validate the port 5001 by checking the Origin header. Since the web app in development mode runs in 3000 the calls to the API return a 403. Same issue probably affects electron-app indeed.
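The behaviour described in the comment above, as an added example that is not part of the thread and is not go-ipfs's own code: an API handler that compares the Origin header with an exact-match allowlist, so a page served from port 3000 gets a 403 while one served from port 5001 passes. The allowlist contents, the function names and the decision to accept requests without an Origin header are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// Assumed allowlist: only pages served from the API's own address may call it.
var allowedOrigins = map[string]bool{"http://localhost:5001": true}

// originAllowed does an exact scheme://host:port match; no Origin (CLI clients) passes by assumption.
func originAllowed(r *http.Request) bool {
	origin := r.Header.Get("Origin")
	if origin == "" {
		return true
	}
	u, err := url.Parse(origin)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return false // unparseable or opaque values such as "null"
	}
	return allowedOrigins[u.Scheme+"://"+u.Host]
}

// apiHandler stands in for the API endpoint: 403 on a foreign Origin, 200 otherwise.
func apiHandler(w http.ResponseWriter, r *http.Request) {
	if !originAllowed(r) {
		http.Error(w, "403 - Forbidden", http.StatusForbidden)
		return
	}
	fmt.Fprintln(w, "ok")
}

// statusFor sends one constructed request (empty string = no Origin) and returns the status.
func statusFor(origin string) int {
	req := httptest.NewRequest(http.MethodPost, "http://localhost:5001/api/v0/add", nil)
	req.Header.Set("Origin", origin)
	rec := httptest.NewRecorder()
	apiHandler(rec, req)
	return rec.Code
}

func main() {
	for _, o := range []string{"http://localhost:3000", "http://localhost:5001", ""} {
		fmt.Printf("Origin %q -> %d\n", o, statusFor(o))
	}
}
```

A development proxy that forwards to the API therefore has to send an Origin value the allowlist accepts, or the daemon's CORS settings have to include the development origin.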

@jbenet
Member

jbenet commented Sep 27, 2015

btw, the daemon can be run with CORS settings or disabled (see `ipfs daemon --help`). though this probably makes sense for ease of use.

regardless, should we be fixing the origin header in go-ipfs? are we missing it over there?

@masylum
Author

masylum commented Nov 2, 2015

LGTM or close the PR. This is only for the development environment and makes it more enjoyable to have a working environment by default. It's not obvious nor friendly to have to disable CORS for development.

@masylum masylum closed this Nov 10, 2015
@jbenet jbenet removed the status/deferred Conscious decision to pause or backlog label Nov 10, 2015
@masylum masylum deleted the feature/bypass-cors-in-developement branch November 10, 2015 09:29