tdex-network / tdex-daemon

Go implementation of the TDEX Beta Daemon
https://tdex.network
MIT License

[tdexconnect] Enable CORS #634

Closed altafan closed 2 years ago

altafan commented 2 years ago

I tried to run the dashboard (from browser) and pair it with an insecure daemon (v0.8.15) via tdexdconnect url but there's a connection issue and the request fails with error:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:9000/tdexdconnect. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 404.

At the moment, the daemon's internal routing handler dispatches requests to the grpc-gateway server only if they are GET or contain the Content-Type: application/json header, but we should also allow CORS.

tiero commented 2 years ago

GET requests have no CORS restrictions, only POST do.

But yes, never noticed because I usually served tdex daemons under https.

altafan commented 2 years ago

In general, all requests are preceded by a pre-flight OPTIONS one and we don't have any check for this in our router.

Not sure that enabling/disabling TLS does make any difference actually.
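
Added example, not part of the thread or the tdex-daemon code base: a sketch of a router that answers the pre-flight request itself and echoes only allowlisted origins before applying the dispatch rule described in the issue. The allowlisted origin, the `router` and `probe` names, and the stand-in handlers are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Assumed allowlist: the origin the dashboard is served from (hypothetical value).
var allowedOrigins = map[string]bool{"http://localhost:3000": true}

// router adds CORS handling in front of the dispatch rule; gateway and grpcSrv are stand-ins.
func router(gateway, grpcSrv http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		origin := r.Header.Get("Origin")
		w.Header().Add("Vary", "Origin") // responses differ per origin, so caches must key on it
		if allowedOrigins[origin] {
			w.Header().Set("Access-Control-Allow-Origin", origin) // echo the match, never "*"
		}
		// Pre-flight: OPTIONS carrying Access-Control-Request-Method. Answered here,
		// so it never falls through to the 404 seen in the issue.
		if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {
			if allowedOrigins[origin] {
				w.Header().Set("Access-Control-Allow-Methods", "GET, POST")
				w.Header().Set("Access-Control-Allow-Headers", "Content-Type")
			}
			w.WriteHeader(http.StatusNoContent) // no CORS headers for unknown origins: browser blocks
			return
		}
		// Rule from the issue: GET or JSON requests go to grpc-gateway, the rest elsewhere.
		if r.Method == http.MethodGet || strings.HasPrefix(r.Header.Get("Content-Type"), "application/json") {
			gateway.ServeHTTP(w, r)
			return
		}
		grpcSrv.ServeHTTP(w, r)
	})
}

// probe sends one constructed request through the router; returns status and Allow-Origin header.
func probe(method, origin, requestMethod string) (int, string) {
	r := httptest.NewRequest(method, "http://localhost:9000/tdexdconnect", nil)
	r.Header.Set("Origin", origin)
	r.Header.Set("Access-Control-Request-Method", requestMethod)
	w := httptest.NewRecorder()
	router(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}), http.NotFoundHandler()).ServeHTTP(w, r)
	return w.Code, w.Header().Get("Access-Control-Allow-Origin")
}

func main() { fmt.Println(probe(http.MethodOptions, "http://localhost:3000", "POST")) }
```

Echoing a matched origin rather than sending `*` keeps the paired daemon readable only from the dashboard's own origin.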