search

ainblockchain / ain-blockchain

Official Javascript implementation of AI Network Blockchain.
https://www.ainetwork.ai/
MIT License
68 stars 27 forks source link

Need to allow dynamic cors whitelisting #1275

Closed platfowner closed 2 months ago

platfowner commented 2 months ago

We need to allow dynamic cors whitelisting.

https://github.com/ainblockchain/ain-blockchain/blob/master/client/middleware.js#L40

Related issues:

cc: @jiyoung-an

platfowner commented 2 months ago

Some sample curl command lines for debugging / testing:

curl http://localhost:8081/json-rpc -X POST -H "Origin: http://aina.ainetwork.ai" --verbose -H "Content-Type: application/json" -d '{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "ain_getAddress",
  "params": {
    "protoVer": "1.1.3"
  }
}'

curl http://localhost:8081/json-rpc -X POST -H "Origin: http://other.example.com" --verbose -H "Content-Type: application/json" -d '{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "ain_getAddress",
  "params": {
    "protoVer": "1.1.3"
  }
}'

curl http://localhost:8081/json-rpc \
  -H "Origin: http://aina.ainetwork.ai" \
  -H "Access-Control-Request-Method: POST" \
  -H "Access-Control-Request-Headers: X-Requested-With" \
  -X OPTIONS --verbose

curl http://localhost:8081/json-rpc \
  -H "Origin: http://other.example.com" \
  -H "Access-Control-Request-Method: POST" \
  -H "Access-Control-Request-Headers: X-Requested-With" \
  -X OPTIONS --verbose
platfowner commented 2 months ago

dynamic origin: https://www.npmjs.com/package/cors#configuring-cors-w-dynamic-origin

platfowner commented 2 months ago

After some considerations, just decided not to use dynamic origin of cors package for performance reasons.

platfowner commented 2 months ago

For performance reasons, just decided not to support it for now.