search

Granola-Team / mina-indexer

The Mina Indexer is a re-imagined version of the software collectively called the "Mina archive node."
Apache License 2.0
18 stars 10 forks source link

GraphQL and REST web endpoints do not allow for CORS #951

Closed n1tranquilla closed 3 months ago

n1tranquilla commented 3 months ago

Response should contain the following in the response header:

Access-Control-Allow-Origin: *
jhult commented 3 months ago

I enabled this at the Cloudflare layer.

However, I am also planning to enable at the Indexer HTTP server layer.

trevorbernard commented 3 months ago

CORS is already enabled in the indexer: https://github.com/Granola-Team/mina-indexer/blob/main/rust/src/web/mod.rs#L53

jhult commented 3 months ago

CORS is already enabled in the indexer: https://github.com/Granola-Team/mina-indexer/blob/main/rust/src/web/mod.rs#L53

Actually, it is not.

Cors::permissive()

All origins, methods, request headers and exposed headers allowed. Credentials supported. Max age 1 hour. Does not send wildcard.

We need to use this:

Cors::send_wildcard

Configures use of wildcard (*) origin in responses when appropriate.

If send_wildcard is set and the allowed_origins parameter is All, a wildcard Access-Control-Allow-Origin response header is sent, rather than the request’s Origin header.

This option CANNOT be used in conjunction with a credential supported configuration. Doing so will result in an error during server startup.

Defaults to disabled.