Skip to content

fix(gateway): include CORS on subdomain redirects#9994

Merged
hacdias merged 2 commits intomasterfrom
fix/http-options-on-subdomains
Jun 27, 2023
Merged

fix(gateway): include CORS on subdomain redirects#9994
hacdias merged 2 commits intomasterfrom
fix/http-options-on-subdomains

Conversation

@lidel
Copy link
Copy Markdown
Member

@lidel lidel commented Jun 26, 2023
edited
Loading

This PR closes #9983 which is regression since 0.20.
We should include this fix in Kubo 0.21 (#9814).

Depends on ipfs/boxo#395

@lidel lidel requested review from hacdias and laurentsenta June 26, 2023 22:47
@lidel lidel force-pushed the fix/http-options-on-subdomains branch 2 times, most recently from 6258061 to b04e2f8 Compare June 26, 2023 22:57
@lidel lidel marked this pull request as ready for review June 26, 2023 23:15
@lidel lidel requested a review from a team as a code owner June 26, 2023 23:15
@lidel lidel mentioned this pull request Jun 26, 2023
Closed
3 tasks
@hacdias hacdias force-pushed the fix/http-options-on-subdomains branch from b04e2f8 to fe9b641 Compare June 27, 2023 11:03
@hacdias hacdias enabled auto-merge (squash) June 27, 2023 11:04
@hacdias hacdias merged commit 3da4e5b into master Jun 27, 2023
@hacdias hacdias deleted the fix/http-options-on-subdomains branch June 27, 2023 11:14
hacdias pushed a commit that referenced this pull request Jun 29, 2023
@lidel @hacdias
fix(gateway): include CORS on subdomain redirects (#9994)
9737e88 
(cherry picked from commit 3da4e5b)
lidel
lidel commented Jun 30, 2023
View reviewed changes
config/init.go
Comment on lines -70 to -74
HTTPHeaders: map[string][]string{
"Access-Control-Allow-Origin": {"*"},
"Access-Control-Allow-Methods": {"GET"},
"Access-Control-Allow-Headers": {"X-Requested-With", "Range", "User-Agent"},
},
Copy link
Copy Markdown
Member Author

@lidel lidel Jun 26, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ℹ️ These are legacy values that were hardcoded since years ago, but no longer necessary. AddAccessControlHeaders from boxo/gateway ensures safe defaults are added if user did not pass own, and these values are already there, so we can remove them from config – they were not used/redundant for a while, even before we moved gateway code to boxo.

No need to write migration, as this is subset of what boxo/gateway sets anyway + we have tests in this PR that confirm these headers are will present even when missing from config.

This was referenced Jun 30, 2023
Closed
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hacdias hacdias hacdias approved these changes

@laurentsenta laurentsenta Awaiting requested review from laurentsenta

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

webui: CORS issue on Peers page breaks geoip

2 participants

@lidel @hacdias