Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check if we can access the template before using the CORS proxy #687

Merged
merged 2 commits into from
Oct 20, 2023
Merged

Check if we can access the template before using the CORS proxy #687

merged 2 commits into from
Oct 20, 2023

Conversation

april83c
Copy link
Contributor

@april83c april83c commented Oct 14, 2023
edited
Loading

When loading a template, the current behavior is to check if the template URL's domain is on the safe hosts list (a list of websites that serve CORS headers that allow Pxls to load that template), and if it's not on the safe hosts list, use the CORS proxy.

This means that if a template that isn't on the safe hosts list serves CORS headers that allow Pxls to load it, it will still get proxied through the CORS proxy, even though we could load it directly.

This pull request adds a check where it sends a HEAD request to the template URL to see if it's allowed to load it, and if it is, then it doesn't use the CORS proxy.

@april83c
Copy link
Contributor Author

april83c commented Oct 14, 2023
edited
Loading

For testing this PR, I set up some test templates:

@BlankParenthesis
Copy link
Contributor

I have tested this and it appears to work well despite one minor thing: the cors function is used in more than the one place it has been edited to be awaited. This means that templates fail to load when using webgl template render.

Changing the request on line 278 of template.js to something like self.cors(self.options.style).then((url) => fetch(url, { should resolve this without needing to make the whole _update function also async (and propagating that).

@april83c
Copy link
Contributor Author

I have tested this and it appears to work well despite one minor thing: the cors function is used in more than the one place it has been edited to be awaited. This means that templates fail to load when using webgl template render.

Changing the request on line 278 of template.js to something like self.cors(self.options.style).then((url) => fetch(url, { should resolve this without needing to make the whole _update function also async (and propagating that).

Ah, sorry, didn't catch that. I'll fix it in a bit.

@april83c
Copy link
Contributor Author

Works fine after this latest commit afaict

@BlankParenthesis
Copy link
Contributor

Seems to be good to me 👍

@BlankParenthesis BlankParenthesis merged commit 02c1d50 into pxlsspace:master Oct 20, 2023
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@april83c @BlankParenthesis