Add CORS headers to Read Only Gateway Default config

[Kubuxu]

This will allow for weider use of local gateway from different sites.

For example: ipfs.pics could use JS to use either their global or user's local gateway.

I might work on piece of JS doing just that but I don't really like JS. 😄

License: MIT
Signed-off-by: Jakub Sztandera kubuxu@protonmail.ch

[whyrusleeping]

I like this idea, but people more knowledgable on http should review this, cc @diasdavid @travisperson @dignifiedquire

[dignifiedquire]

I would suggest adding a test using curl to ensure it works as expected. See here for some details http://stackoverflow.com/questions/12173990/how-can-you-debug-a-cors-request-with-curl

[Kubuxu]

We have tests for CORS headers, this just changes the default.

https://github.com/ipfs/go-ipfs/blob/master/test/sharness/t0112-gateway-cors.sh

[dignifiedquire]

then you should add a test without changing the config so we know the default is working as epxected

[Kubuxu]

I've modified the test.

[ghost]

This LGTM, sorry for the long wait

[ghost]

Also deployed to gateways

[jbenet]

thanks for pushing for that test @dignifiedquire 👍

[jbenet]

Was that test actually created? @Kubuxu ?

[Kubuxu]

The test case is the fact that we don't have to explicitly set those settings in sharness for tests to succeed. See removed config calls.
https://github.com/ipfs/go-ipfs/pull/2778/files#diff-e75071bd34c34a76f7762bfb253223f5L13

[jbenet]

This is not a specific test case. if this fails, it will take a long time to debug because of those other things failing not being super clear. remember that people who are not you will be hit by this. there should be test case that tests this as the first one to fail so debugging + fixing is easy.

[WardCunningham]

Thank you for this.

Here is the federated wiki pull request that benefits from this change.
fedwiki/wiki-client#173

[ghost]

@WardCunningham this change is part of v0.4.3-rc4: https://dist.ipfs.io/go-ipfs/v0.4.3-rc4

[Mithgol]

I have upgraded to go-ipfs version 0.4.5 and then I still don't see Access-Control-Allow-Origin: "*" in response headers of (for example) http://127.0.0.1:8080/ipfs/QmYZUa2E1bsuN37fwzjcawop4wk1kdXxzRyiaGfjKfWM2T though I see such header at https://ipfs.io/ipfs/QmYZUa2E1bsuN37fwzjcawop4wk1kdXxzRyiaGfjKfWM2T without any hindrance.

Does it mean that changes in the default config don't automatically apply to earlier adopters of go-ipfs?

The chat log from fedwiki/wiki-client#173 seems to say they don't:

Then what exactly should I do myself (and recommend to the other IPFS users) to make the necessary changes in the local configuration and enable CORS?

[Kubuxu]

You can run:

ipfs config --json Gateway.HTTPHeaders.Access-Control-Allow-Origin '["*"]'
ipfs config --json Gateway.HTTPHeaders.Access-Control-Allow-Methods '["GET"]'
ipfs config --json Gateway.HTTPHeaders.Access-Control-Allow-Headers '["X-Requested-With"]'

[Mithgol]

Thanks, it has worked.

For future references, on Windows the equivalent commands are

ipfs config --json Gateway.HTTPHeaders.Access-Control-Allow-Origin [\"*\"]
ipfs config --json Gateway.HTTPHeaders.Access-Control-Allow-Methods [\"GET\"]
ipfs config --json Gateway.HTTPHeaders.Access-Control-Allow-Headers [\"X-Requested-With\"]

[ghost]

I still think we should add these to the default config, as suggested here

[Kubuxu]

It is in default config.