Open galargh opened 1 year ago
Sorry for naive question if this was discussed before, but why do we need these CORS headers at all?
Companion should work without asking user to set any special headers, and out e2e tests should validate that it works "out-of-the-box" with IPFS Desktop.
Can we remove explicit values for Access-Control-Allow-Origin, so we test real world use of RPC port?
Currently, we use
Access-Control-Allow-Origin: ["*"]
in our E2E setup. As raised https://github.com/ipfs/ipfs-companion/pull/1121#discussion_r1053853150, we could try to be more explicit with access control.See https://github.com/ipfs/ipfs-companion/pull/1121#discussion_r1071958675 for prior attempts description.