Closed happybeing closed 7 years ago
It is indeed. Unless the launcher API were to include 'Access-Control-Allow-Origin' headers we're going to run into this as you're requesting from a different host.
One work around is via a reverse proxy, setting up a local domain for development and then forwarding requests to the API. Though I appreciate that's a bit annoying.
Inside of beaker right now, it's possible to disable 'websecurity' for pages, which will allow X Origin requests through.
(You can add this el.setAttribute('disablewebsecurity', true)
to line 650 of app/shell-window/pages.js
to enable it for the moment, if you want to compile from source)
For dev convenience I'll see about adding a menu toggle for this in the Beaker Dev
menu.
OK, great, thanks.
One thing I'm not clear about because the API docs still refer to needing a proxy, is what API endpoint to use for deployment? (Again, when not using safe-js)
Conclusion: after slack chat with Josh...
Direct HTTP access to SAFE Launcher API is not supported by SAFE Beaker. You must use safe-js only.
This is because the cross origin policy necessary for security (enforced within Beaker) means that access to SAFE Launcher via localhost:8100 will not work, because it breaks this policy and causes CORS errors.
Operation System: Linux Beaker Version: 0.3.0
I want to check my current App works in Beaker before switching from direct requests to safe-js so I have a local server http://localhost:8000 and am using for the launcher endpoint, and hitting a same-origin issue when making the /auth request. Here's the console:
Looking at the network tab I'm not sure what causes this. Is it a browser default to enforce same origin here?