benadida / helios-server

Helios server
http://heliosvoting.org
Apache License 2.0

CORS on official helios server #186

Open karelbilek opened 6 years ago

karelbilek commented 6 years ago

I want to try an independent voting booth using the official Helios server.

However, the web does not have CORS headers, so you cannot do independent booths.

(The booth crashes on get_randomness; I can shim it somehow, but it will probably crash elsewhere anyway.)

karelbilek commented 6 years ago

It seems CORS are not set at all in the Django app.

benadida commented 6 years ago

What do you want CORS headers on? The election info URL?

karelbilek commented 6 years ago

For independent voting booth :)

benadida commented 6 years ago

Right, I'm just trying to make sure that we only open up CORS on limited URLs. Would you be able to help by identifying which URLs you need available over CORS as you build an independent voting booth?

karelbilek commented 6 years ago

I did not try to build my own per se; I tried this directory - https://github.com/benadida/helios-server/tree/master/heliosbooth - on localhost.

karelbilek commented 4 months ago

I still think it's not possible to run the Helios booth independently; or at least I don't know how.

karelbilek commented 4 months ago

....aaaand yeah, the /meta URL still returns wrong CORS headers when run from localhost.

I think it should be possible to have an independent voting booth, which will ensure that there is no hidden JS on the server that tracks who votes what.

karelbilek commented 4 months ago

It might be possible to get around that by, instead of raw HTML/browser fetch, wrapping it in Electron and faking the CORS headers in Node.js. 🤷

If I still wanted to do an independent voting booth now, I would probably do that.

I will keep this open though.
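
benadida's point in the thread about opening CORS only on limited URLs, as an added example (not code from helios-server): a WSGI wrapper that sends permissive CORS headers only for read-only requests to allow-listed paths and never enables credentials. The path patterns and the names `PUBLIC_READ_ONLY`, `cors_headers` and `ScopedCORS` are assumptions; the thread names only `/meta` and `get_randomness`.

```python
import re

# Hypothetical path shapes (assumption): the thread names only "/meta" and
# "get_randomness", not the full URL layout.
PUBLIC_READ_ONLY = [
    re.compile(r"/elections/[0-9a-f-]{36}/meta"),
    re.compile(r"/elections/[0-9a-f-]{36}/get_randomness"),
]
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def cors_headers(method, path, origin):
    """Return the CORS headers to add, or [] when the request is out of scope."""
    if not origin or method not in SAFE_METHODS:
        return []
    # fullmatch: no prefix/suffix tricks such as ".../meta/../cast"
    if not any(p.fullmatch(path) for p in PUBLIC_READ_ONLY):
        return []
    # Wildcard origin and no Access-Control-Allow-Credentials: browsers will
    # not expose cookie-authenticated responses to the calling page.
    headers = [("Access-Control-Allow-Origin", "*"), ("Vary", "Origin")]
    if method == "OPTIONS":
        headers += [("Access-Control-Allow-Methods", "GET, HEAD"),
                    ("Access-Control-Max-Age", "600")]
    return headers


class ScopedCORS:
    """WSGI wrapper; any WSGI application (Django included) can be wrapped."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        method = environ.get("REQUEST_METHOD", "")
        extra = cors_headers(method, environ.get("PATH_INFO", ""),
                             environ.get("HTTP_ORIGIN"))
        if extra and method == "OPTIONS":
            # OPTIONS on an allow-listed path is answered here.
            start_response("204 No Content", extra)
            return [b""]

        def patched(status, headers, exc_info=None):
            # Every other path passes through with its headers unchanged.
            return start_response(status, list(headers) + extra, exc_info)

        return self.app(environ, patched)
```

State-changing methods and all paths outside the allow-list get no CORS headers, so a cross-origin page cannot read their responses.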