search

root-gg / plik

Plik is a temporary file upload system (Wetransfer like) in Go.
https://plik.root.gg
Other
1.47k stars 168 forks source link

Plik seems to fail setting the correct headers #445

Closed artemislena closed 2 years ago

artemislena commented 2 years ago

fc17: Our instance (https://plik.artemislena.eu) keeps throwing CORS errors (and not working), due to missing headers, perhaps… and enabling EnhancedWebSecurity doesn't seem to do anything header-wise, i.e. none of the described ones are set, according to curl

camathieu commented 2 years ago

Hello,

I've not played with EnhancedWebSecurity since quite a while I'll give it a freag go. We should try to makes things work without it at first.

I don't get why you would get CORS issues at all unless the Plik server API is on a different domain than the UI, is that your case ?

On Thu, 19 May 2022, 17:57 Artemis, @.***> wrote:

fc17: Our instance (https://plik.artemislena.eu) keeps throwing CORS errors (and not working), due to missing headers, perhaps… and enabling EnhancedWebSecurity doesn't seem to do anything header-wise, i.e. none of the described ones are set, according to curl…

— Reply to this email directly, view it on GitHub https://github.com/root-gg/plik/issues/445, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABQ5XPRA7BOG467XJKGY3VDVKZQE5ANCNFSM5WMWIB7Q . You are receiving this because you are subscribed to this thread.Message ID: @.***>

artemislena commented 2 years ago

Oh… it's behind a reverse proxy… does the Host header matter, or something like that?

camathieu commented 2 years ago

To me as long as the static content is served on the same domain than the API there should be no cross domain request occurring hence no CORS issue. I'll take a look at your instance.

On Thu, 19 May 2022, 18:30 Artemis, @.***> wrote:

Oh… it's behind a reverse proxy… does the Host header matter, or something like that?

— Reply to this email directly, view it on GitHub https://github.com/root-gg/plik/issues/445#issuecomment-1131934641, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABQ5XPU2AST5FHJRXZU6GUDVKZUAVANCNFSM5WMWIB7Q . You are receiving this because you commented.Message ID: @.***>

artemislena commented 2 years ago

It definitely has to do something with the reverse proxy… it works if accessing it directly; through the LAN address…