search

SthephanShinkufag / bytebeat-composer

Bytebeat player with a collection of many formulas from around the internet.
https://dollchan.net/bytebeat/
MIT License
85 stars 26 forks source link

Q: Library Access-Control-Allow-Origin #74

Closed Chasyxx closed 10 months ago

Chasyxx commented 1 year ago

I'm currently trying to keep the library up to date. I'm trying to test whether loading the library files from dollchan could work, but i'm immeadiately running into a CORS error regarding Access-Control-Allow-Origin. The request gave no ruling, so by default it only allowed dE itself to access the files (therefore blocking me from trying this method.) I just want to ask, with no offense or upset intended: is this intentional? i haven't personally run a server publicly myself (and i probably can't in my position), so i don't really know much about this

SthephanShinkufag commented 1 year ago

This is the default behavior for most of sites to block crossdomain requests, for security reasons. This could be on your side or mine.

SthephanShinkufag commented 1 year ago

If you make requests from your site and your site gives you this error, then you have configured your server incorrectly - its cross-domain policy does not allow you to do this. If you run some kind of client script on the page with my player, then this is on my side.

Chasyxx commented 9 months ago

If you make requests from your site and your site gives you this error, then you have configured your server incorrectly - its cross-domain policy does not allow you to do this.

I don't know how to or believe i even can configure the GitHub pages servers. If you meant the server hosting my site, i tried with my node.js private testing server, and as a quick test, had it display Access-Control-Allow-Origin: * on all responses. Opening a console on the page loaded from the testing server and running await fetch("https://dollchan.net/bytebeat/library/big-js.json"), the request is blocked by the browser for a bad CORS option.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://dollchan.net/bytebeat/library/big-js.json. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.

It gives a learn more link as well. Quoting this link,

What went wrong?

The response to the CORS request is missing the required Access-Control-Allow-Origin header, which is used to determine whether or not the resource can be accessed by content operating within the current origin.

If the server is under your control, add the origin of the requesting site to the set of domains permitted access by adding it to the Access-Control-Allow-Origin header's value.

I can make the conclusion this this is from the response from your server. It doesn't give the CORS value, so the browser defaults to Same Origin, and so I can't get the dollchan library from CHASYXX.

The solution is the one listed in the quote (Allow the files by adding the Access-Control-Allow-Origin in the response), either on the main site (perhaps restricted to the library folder, though I don't know nginx or if this is possible), or through a seperate public API.