Open NetOpWibby opened 6 years ago
CORS doesn't allow multiple allowed origins, so the options are:
1) Send Access-Control-Allow-Origin: *
and accept security downsides
2) Check if referrer is from [lbry.tech, lbry.io, lbry.fund, ???]
and return Access-Control-Allow-Origin: <allowed_domain>
.
@NetOperatorWibby can you confirm this is working as intended for you now?
@kauffj Just remembered this. It is not working as intended.
SecurityError: The operation is insecure.
This is only with linking images from spee.ch to the meme creator on the Playground. The spee.ch images linked on the community page on .tech work. Publishing with images not served from .tech itself creates the above error.
@NetOperatorWibby can you describe the steps to test this? Alternately, can you verify that it's a problem for all browsers or specific browsers?
@jessopb
/playground
and visit the Publish exampleThis issue affects Firefox and Chrome. The issue persists in production as well.
For the meme creator on .tech, I was linking to images hosted on spee.ch. However, security issues prevented publishing. From MDN: