vtnerd / monero-lws

Monero Light Wallet Server (scans monero viewkeys and implements mymonero API). Fast LMDB backend.
BSD 3-Clause "New" or "Revised" License

how to solve cors. #61

Open TechGoku opened 1 year ago

TechGoku commented 1 year ago

Access to XMLHttpRequest at 'http://127.0.0.1:8443/login' from origin 'http://127.0.0.1:9110' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute. index.js:98 ❌ Error: Connection Failure

I have added --access-control-origin http://127.0.0.1:9110 while running the LWS daemon, but I am still facing this issue.

vtnerd commented 1 year ago

I think this may require a change to monero core, but I'd have to re-test this myself.

wasabiwallet commented 1 year ago

Hi, any updates with CORS? Facing the same problem

vtnerd commented 1 year ago

No updates - could you provide a minimal test suite? Presumably in JavaScript?

wasabiwallet commented 1 year ago

To connect to the LWS API from websites with a different domain/IP address than the one where LWS is located, you need to include the "Access-Control-Allow-Origin" header in the response from the LWS server. Its value can be set to "*" to allow connections from any domain and IP address, or it can be set to the specific domain/IP address the user wants to grant access to. If this header is absent, browsers will display an error message in the console: "Access to resource has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource" (e.g., in Chrome).

CryptoGrampy commented 1 year ago

> No updates - could you provide a minimal test suite? Presumably in JavaScript?

Hi VTNerd - this is still an issue. Save this as an HTML file, update the main address, secret view key and the LWS URL, open it in your browser, and click the button. There will be a CORS error in the console and network tab. If you use a CORS disable extension for your browser, you'll see that the request succeeds.

<!DOCTYPE html>
<html>
  <head>
    <meta charset="UTF-8" />
    <title>LWS Fetch API POST Request Example</title>
  </head>
  <body>
    <button id="lwsButton">Make LWS POST Request</button>
    <script>
      const myButton = document.getElementById("lwsButton");
      myButton.addEventListener("click", async () => {
        const url = "http://localhost:8000/get_address_txs";
        const options = {
          method: "POST",
          headers: {
            "Content-Type": "application/json",
          },
          body: JSON.stringify({
            address: "yourMainAddressHere",
            view_key: "yourSecretViewKeyHere",
          }),
        };
        try {
          const response = await fetch(url, options);
          const responseData = await response.json();
          console.log(responseData);
        } catch (error) {
          console.error(error);
        }
      });
    </script>
  </body>
</html>

CryptoGrampy commented 1 year ago

And CORS seems to work fine with Monerod (setting the access control config option). There are a number of 'browser compatible' nodes: https://monero.fail/?chain=monero&network=mainnet&cors=on. There just seems to be something funky with LWS and CORS config. I have never been able to get it to work and have to proxy all of my calls.

vtnerd commented 11 months ago

> And CORS seems to work fine with Monerod (setting the access control config option).

LWS is using the same CORS code as monerod, so I don't understand what's preventing it from working.

lalanza808 commented 10 months ago

I'm running with --access-control-origin "*" and can report on this:

I don't have any issues with local stuff - my flask app is able to hit LWS without issue and JS on web pages is as well.

@CryptoGrampy's sample code actually works for me - CORS is not an issue with a simple AJAX request.

In @TechGoku's example, I'm guessing they are running mymonero-web-js (because of port 9110 being bound). If that is indeed the case, the issue is with the axios HTTP client, this setting in an upstream MyMonero package. They hard-coded this value. Flipping it to false manually in your node_modules is a temporary fix.
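
The following is an added example, not code from monero-lws, MyMonero, or any commenter in this thread: the browser's CORS check from the Fetch standard, reduced to the two response headers named in the error message, and run over four client/server combinations. The response header values are constructed from the error text and the flags quoted above; they are assumptions, not captured LWS output.

```javascript
// Added example: the browser-side "CORS check" from the Fetch standard,
// reduced to the two response headers named in the thread's error message.
function corsCheck({ requestOrigin, credentialsMode, responseHeaders }) {
  // Header names are case-insensitive; values are compared exactly.
  const headers = new Map(
    Object.entries(responseHeaders).map(([k, v]) => [k.toLowerCase(), v])
  );
  const allowOrigin = headers.get("access-control-allow-origin");
  const allowCreds = headers.get("access-control-allow-credentials") ?? "";
  const withCreds = credentialsMode === "include";

  if (allowOrigin === undefined)
    return { ok: false, reason: "no Access-Control-Allow-Origin header" };
  // "*" is honoured only when the request carries no credentials.
  if (allowOrigin === "*")
    return withCreds
      ? { ok: false, reason: "wildcard origin rejected in credentials mode" }
      : { ok: true, reason: "wildcard origin, no credentials" };
  if (allowOrigin !== requestOrigin)
    return { ok: false, reason: "origin mismatch" };
  if (!withCreds) return { ok: true, reason: "origin matched" };
  // With credentials, the server must also opt in explicitly.
  return allowCreds === "true"
    ? { ok: true, reason: "origin matched, credentials allowed" }
    : { ok: false, reason: `Access-Control-Allow-Credentials is '${allowCreds}', must be 'true'` };
}

// Constructed scenarios (assumed header values, not captured from LWS).
const PAGE_ORIGIN = "http://127.0.0.1:9110";
const exact = { "Access-Control-Allow-Origin": PAGE_ORIGIN };
const wildcard = { "Access-Control-Allow-Origin": "*" };
const scenarios = {
  // Client sets XMLHttpRequest withCredentials = true; server lists the origin
  // but sends no Access-Control-Allow-Credentials header.
  exactOriginWithCredentials: { credentialsMode: "include", responseHeaders: exact },
  // Same server response, client sends no credentials.
  exactOriginNoCredentials: { credentialsMode: "same-origin", responseHeaders: exact },
  wildcardNoCredentials: { credentialsMode: "same-origin", responseHeaders: wildcard },
  wildcardWithCredentials: { credentialsMode: "include", responseHeaders: wildcard },
};

function runScenarios() {
  return Object.fromEntries(
    Object.entries(scenarios).map(([name, s]) =>
      [name, corsCheck({ requestOrigin: PAGE_ORIGIN, ...s })])
  );
}

console.log(runScenarios());
```

Only the two credentialed scenarios fail, which matches the reports above: a plain fetch works, while a client that forces credentials needs the server to return both the exact origin and `Access-Control-Allow-Credentials: true`.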