CORS issue affecting payments to our lightning addresses from browsers

GaloyMoney / galoy-pay

A web application that can be used to send tips or payments to users

MIT License

22 stars 35 forks source link

CORS issue affecting payments to our lightning addresses from browsers #527

Closed vindard closed 1 year ago

vindard commented 1 year ago

Description

We can't seem to receive payments in nostr browser clients when folks use things like Alby. It seems like the issue has been diagnosed as a CORS one. More details in the nostr thread below:

https://primal.net/e/note1qj0333p2cc5rx6tgdqfqlsdpj8g7f5ytvs3unavhnm2sqx53m94qa6w3u4

nicolasburtey commented 1 year ago

@vindard do you know an easy way to reproduce the issue?

vindard commented 1 year ago

@vindard do you know an easy way to reproduce the issue?

Not sure about a good dev flow for reproducing, but you can observe it if you go to https://snort.social/p/npub1andrewygazdj6k05g3u6nu6vaerhlxhctep0nml94ffh9qqntw9strrxaw and try to zap @agbegin's profile with Alby.

If you have the console open and CORS errors set to populate, you'll see the CORS errors popping up and you wouldn't be able to generate an invoice for zapping.

You can also see it in the Network tab

dolcalmi commented 1 year ago

@vindard do you know an easy way to reproduce the issue?

request this https://blink.sv/.well-known/lnurlp/agbegin and check the headers. we are not returning the proper headers... :thinking: maybe are being filter by ingress? or did we change something in galoy pay?

vindard commented 1 year ago

Fixed with this change. Looks like it was only an issue with CORS header missing from responses from blink.sv, but bbw.sv and galoy.io domains were fine

https://github.com/GaloyMoney/galoy-deployments/pull/4562