dtonon
commented
11 months ago Open mikedilger opened 1 year ago
dtonon
commented
11 months ago dtonon
commented
11 months ago @mikedilger what you mean with "We need a flag in Relay"? Are you thinking about a checkbox/toggle per relay that enable the origin header?
bu5hm4nn
commented
11 months ago Can we detect if they reject because of missing Origin? Then we could just have a logic that tries again with Origin set and sets a flag for that relay in the database.
But I also feel like that is out-of-spec behavior for the relays, and I'm not sure we should fix it since other clients will struggle with the same issues.
I feel like someone - maybe me - should write a "relay linter" service at some point, could be running on gossip's core, and create a report page that relay operators and users can check.
mikedilger
commented
11 months ago I fought against this and then caved and gave them their stupid header, as there were more important things to do. The problem is/was on their end entirely. Nobody should be trusting an Origin header from a browser anyways.
Maybe we can just take this out and maybe they don't need it anymore? It was a long time ago.
dtonon
commented
11 months ago @mikedilger I would ask Will or Vitor about this, they surely have some experience on the matter.
bu5hm4nn
commented
11 months ago I would assume it was due to a badly configured reverse-proxy/load-balancer. I don't think strfry has any origin requirements or it would be a problem with all strfry servers.
We need a flag in Relay for whether this relay expects an "Origin:" HTTP header (we have no origin, but we can lie to them).
Right now we have hardcoded 2 relays.