Skip to content

Relax server-side CORS #111

New issue
Jump to bottom
New issue
Jump to bottom
Open
Open
Relax server-side CORS#111
@empmud

Description

@empmud
empmud
opened on Jan 18, 2021

Local development cannot be done on Firefox, only Chromium with a secondary user profile and a disable security flag. This is because CORS preflight requests receive HTTP 500 responses to their OPTIONS requests.

It might be possible for an extension to modify the CORS preflight request, but I none of the ones I've tried can rewrite an error response into a success response.

It would be nice if the server allowed any origin to connect to the chat endpoints.

Example preflight request

Request URL: https://www.hackmud.com/mobile/get_token.json
Request method: OPTIONS
Status code: 500
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://nothackmud.com/
Origin: http://nothackmud.com/

An alternative might be to add a server-side proxy for development: Route requests to the node.js server who hands them off to the original hackmud server. This avoids CORS by being on the same domain, but that's a bit of a fiddle when the server could be amended.

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions