search

appwrite / sdk-for-web

[READ-ONLY] Official Appwrite Web SDK ๐Ÿงก
https://appwrite.io
BSD 3-Clause "New" or "Revised" License
288 stars 63 forks source link

๐Ÿ› Bug Report: Origin localhost not allowed when fetching file #30

Closed lkoehl closed 1 year ago

lkoehl commented 2 years ago

๐Ÿ‘Ÿ Reproduction steps

Running a local instance of appwrite, use Safari as a browser and fetching data from a link returned by getFileView

const url = storage.getFileView(BUCKET_ID, fileId);
axios
  .get(url.href)
  .then((response) => console.log(response))
  .catch((error) => console.log(error));

๐Ÿ‘ Expected behavior

Returns the data from the file.

๐Ÿ‘Ž Actual Behavior

[Error] XMLHttpRequest cannot load http://localhost/v1/storage/buckets/62e3ed0fc097798c4bfe/files/62e3ed7e4eafee1a50d1/view?project=625ec35b68a2dcb2d0fd due to access control checks.
[Error] Failed to load resource: Origin http://localhost:3000 is not allowed by Access-Control-Allow-Origin. Status code: 200 (view, line 0)

๐ŸŽฒ Appwrite version

Version 0.9.x

๐Ÿ’ป Operating system

MacOS

๐Ÿงฑ Your Environment

No response

๐Ÿ‘€ Have you spent some time to check if this issue has been raised before?

๐Ÿข Have you read the Code of Conduct?

stnguyen90 commented 2 years ago

@lkoehl, thanks for raising this issue! ๐Ÿ™ I tried to reproduce your issue, but I was able to successfully fetch a markdown file and get the text. Would you please make sure your project ID is correct and use https for your endpoint?

lkoehl commented 2 years ago

@stnguyen90 thanks. It's works with Safari when setting the endpoint to https://localhost/v1. Maybe the README needs an update?

https://github.com/appwrite/sdk-for-web/blob/cfc9baa0d265d7ce8f53ca8b10ee870f169f8add/README.md?plain=1#L47-L58

stnguyen90 commented 2 years ago

@gewenyu99, thoughts on making all of our examples use HTTPS since sometimes there's weird behavior when using HTTP (due to how browsers handle cookies and/or redirects)?

stnguyen90 commented 2 years ago

@gewenyu99, we seem to be inconsistent. Most are HTTPS except:

  1. swift-client
  2. dotnet
  3. web
  4. cli
gewenyu99 commented 2 years ago

I agree. I want to make everything https. This will be true esp. for cloud anyway. I have this written down in the doc contribution guide draft :)

TorstenDittmann commented 2 years ago

Localhost and https can create issues on top without any configuration. We should double check that.

Thinking about local dev servers that connect to Appwrite which don't support https oob. Then you run into http -> https conflicts.

This issue only occurs in browsers, that's why non-browser sdks might target https.

gewenyu99 commented 1 year ago

Localhost and https can create issues on top without any configuration. We should double check that.

Thinking about local dev servers that connect to Appwrite which don't support https oob. Then you run into http -> https conflicts.

This issue only occurs in browsers, that's why non-browser sdks might target https.

I think the real solution will be when we have cloud ;)

Then we can just use the cloud URL as the default example.