Closed AidanTilgner closed 2 years ago
AidanTilgner
commented
2 years ago This is started. I've decided I don't want a full proxy because of the added complication of handling complex formData like files. This is at least for now. This issue will remain open as I think about what to do here.
Do I want a more complex proxy, or just one that can handle JSON requests?
AidanTilgner
commented
2 years ago Maybe look into HTTP Proxy server for this, the endpoint could route to the proxy server instead of trying to handle this manually.
AidanTilgner
commented
2 years ago I've decided that instead of a catchall proxy, for now, there doesn't need to be one, especially since that could potentially lead to security vulnerabilities. If there is a request that needs to be made, it should be be made via a predefined, and hard to configure endpoint, with authentication. Such as the /proxy/package endpoint in the Applications server.
Different widgets are going to use different requests, but the basic idea would be the same. The way to avoid CORS errors across the board would be to use a single method for these requests complete with the right config.
Better yet, the request hook can utilize a proxy in the Application server gateway. This would be preferred as then all traffic can be easily monitored, logged, and lots of other things. If we have a centralized gateway to the other services for the applications then CORs stuff becomes easier to deal with as well.