search

solana-developers / solana-actions

https://solana-developers.github.io/solana-actions/
Apache License 2.0
92 stars 38 forks source link

Update CORS headers based on compatibility sRFC #21

Closed tsmbl closed 1 month ago

tsmbl commented 1 month ago

Context & Problem

Based on sRFC https://forum.solana.com/t/srfc-31-compatibility-of-blinks-and-actions/1892

Response headers are proposed to be set by Action developers:

  • X-Action-Version to show what spec version the action API server is using
  • X-Blockchain-Ids to list blockchains the action supports. In the future request headers are proposed to be set by Blink clients:
  • X-Accept-Action-Version to show the max spec version the Blink client supports.
  • X-Accept-Blockchain-Ids to list blockchains the client supports.

Wallets cannot get custom response headers like X-Action-Version and X-Blockchain-Ids by default: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers

Solution

  1. Add Access-Control-Expose-Headers: X-Blockchain-Ids, X-Action-Version to make compatibility metadata available to scripts running in the browser.
  2. Update Access-Control-Allow-Headers to include X-Accept-Action-Version and X-Accept-Blockchain-Ids as a preparation step to support client request headers in the future.