Closed karpana closed 2 years ago
As far as I know, you can run one CORS server on your RP4 and put it behind a reverse proxy under a unique name like cors.domain.net
.
There are two things to consider:
https://localhost:8443/cors/https://syrinscape.com/online/frontend-api/
When my campaign is hosted on xyz.eu.forge-vtt.com/game
Then you are 100% sure that only you can use CORS. It's the best option for security, but it's inconvenient because every time you change the PC, you need to install and set up CORS.
It also means it has to be available to your browser, either by making it public to the whole world or your intranet or local network.
campaign.domain.net
AND by hardwiring that only Syrinscape Online Frontend API can be the target.
I would even consider doing an IP allowlist.By doing so, you make sure that no one can use CORS to, for example, attack your internal network.
so to clarify ... the https://localhost:8443/cors/https://syrinscape.com/online/frontend-api/
URL is not the URL from the context of the server (in my case, RPI in my own network), but rather the URL from the context of the GM's PC?
Yes, that is correct. AFAIK all FoundryVTT modules are running on a browser-side instead of a server-side. Otherwise, CORS wouldn't be a problem because CORS is a browser feature and does not exist on a server-side.
@karpana - Is this issue solved?
Officially no.
But the issues are on my side with trying to get cors to work.
This ticket/question can be closed
Since the CORS issue is out of my jurisdiction I would recommend writing a comment here: https://forum.syrinscape.com/t/syrincontrol-wip-foundryvtt-module-integration/13274 to show Syrinscape Team how important it is.
TL;DR Does the CORS-anywhere service/app need to be 'presented' to Foundry server within the same domain that's running a foundry instance? Or can I run it on a different server/device?
Backgrounder: I run my foundry setup on a self-hosted Raspberry Pi 4. This physical server, is running 4 separate copies of the foundry Server, each running a different campaign. This setup is required to allow my players to access their character sheets, journal notes, etc... at any time, without any involvement from me. To facilitate the "distinction" of these 4 servers, each is served up behind a reverse proxy, with each having it's own FQDN. e.g.
campaign1.domain.net
,campaign2.domain.net
, etc...While I have Syrinscape working fine in all 4 campaigns using the CSV model, it's quite the pain to keep on top of the updates coming from Syrinscape, and I'm wanting to move to CORS-anywhere.
What I can't figure out is where CORS-anywhere should be "presented" from a foundry perspective? Can I have a single CORS-anywhere instanced running on a different host/server for all the instances to share? Do I have to run this single instance on the server hosting my 4 foundry VTT instances? Or do I need to have 4 copies of the CORS-anywhere stack running inside my host? Does the cors-anywhere instance need to be on my reverse proxy?