search

CounterpartyXCP / counterparty-core

Counterparty Protocol Reference Implementation
http://counterparty.io
MIT License
287 stars 205 forks source link

New CORS Settings #2419

Open droplister opened 2 weeks ago

droplister commented 2 weeks ago

Is there info on how the new release changes things with cors. I'm wondering if I need to change my settings.

I'm making a low-rent mint tool here: https://www.xcp.io/mint

And I'm trying to have the client call /compose and getting...

Access to XMLHttpRequest at 'https://api.counterparty.info/v2/addresses/19QWXpMXeLkoEKEJv2xo9rn8wkPCyxACSX/compose/fairmint' from origin 'https://www.xcp.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
droplister commented 2 weeks ago

Stupid - I was doing a post instead of a get. ugh!

droplister commented 2 weeks ago

Nope that wasnt it.

ouziel-slama commented 1 week ago

hum.. this header is present :

$ curl -i "https://api.counterparty.io:4000/v2/"
HTTP/2 200 
server: gunicorn
date: Wed, 23 Oct 2024 11:29:31 GMT
content-type: application/json
content-length: 372
x-counterparty-height: 866988
x-counterparty-ready: True
x-counterparty-version: 10.5.0-alpha.3
x-bitcoin-height: 866988
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: *
via: 1.1 google
alt-svc: clear
JavierCervilla commented 1 week ago

im geting cors error on some routes like v2

adamkrellenstein commented 1 week ago

@JavierCervilla we need more information to debug this. What exact requests? Can you replicate it with cURL / HTTPie? As far as we know, all of the headers are being sent.

adamkrellenstein commented 4 days ago

Okay when I made an OPTIONSrequest I didn't get the headers:

> http OPTIONS https://api.counterparty.io:4000/v2
HTTP/1.1 200 OK
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content-Length: 0
content-type: text/html; charset=utf-8
date: Wed, 30 Oct 2024 20:23:38 GMT
server: gunicorn
via: 1.1 google

and I'm now manually injecting them at the LB-level:

> http OPTIONS https://api.counterparty.io:4000/v2
HTTP/1.1 200 OK
Alt-Svc: clear
Content-Length: 0
access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
content-type: text/html; charset=utf-8
date: Wed, 30 Oct 2024 20:34:14 GMT
server: gunicorn
via: 1.1 google

but you can see they're still missing on testnet:

> http OPTIONS https://api.counterparty.io:14000/v2
HTTP/1.1 200 OK
Alt-Svc: clear
Content-Length: 0
content-type: text/html; charset=utf-8
date: Wed, 30 Oct 2024 20:35:26 GMT
server: gunicorn
via: 1.1 google
adamkrellenstein commented 4 days ago

I see this behavior is tested here where this code was modified most recently:

https://github.com/CounterpartyXCP/counterparty-core/commit/9cbfd69832c0ac5093a1e6ff87ba4dfa311a7c1d

so something is wonky.

adamkrellenstein commented 4 days ago

verified the headers are missing on localhost too, so they're not getting stripped