Open karelbilek opened 6 years ago
It seems CORS are not set at all in the django app.
What do you want CORS headers on? The election info URL?
For independent voting booth :)
Right, I'm just trying to make sure that we only open up CORS on limited URLs.. Would you be able to help by identifying which URLs you need available over CORS as you build an independent voting booth?
I did not try to build my own per se; I tried this directory - https://github.com/benadida/helios-server/tree/master/heliosbooth - on localhost.
I still think it's not possible to run helios booth independently; or at least I don't know how
....aaaand yeah, the /meta URL still returns wrong CORS headers when run from localhost.
I think it should be possible to have an independent voting booth, which will ensure that there is no hidden JS on server that tracks who votes what.
it might be possible to get around that by instead of raw HTML/browser fetch, wrapping it in electron and fake the CORS headers in node.js. 🤷
if I still wanted to do an independent voting booth now, I would probably do that.
I will keep this open though
I want to try independent voting booth using official Helios server
However, the web does not have CORS headers, so you cannot do independent booths.
(The booth crashes on get_randomness; I can shim it somehow, but it will probably crash elsewhere anyway.)