Missing CORS prevents third-party web clients (beehaw.org)

submitted 1 year ago by diamond@beehaw.org to c/support@beehaw.org

11 comments fedilink hide all child comments

Hey Beehaw mods!

I'm currently working on a Lemmy web client, but the lack of proper CORS headers is preventing anything from working :(

I just wanted to ask if the appropriate CORS headers could be added to the front-facing proxy layer. If you're using Caddy, I believe something like this should do the trick:

reverse_proxy ... {
  header_down Access-Control-Allow-Origin *
  header_down Access-Control-Allow-Methods *
  header_down Access-Control-Allow-Headers *
}

Relevant issue: https://github.com/LemmyNet/lemmy/issues/3109

you are viewing a single comment's thread
view the rest of the comments

[+] skullgiver@popplesburger.hilciferous.nl 2 points 1 year ago* (last edited 11 months ago)

[deleted]

[-] diamond@beehaw.org 2 points 1 year ago

Websocket handshakes are done over HTTP. The endpoint for Beehaw's WS API would be wss://beehaw.org/, so it's still going to use the same CORS policies as accessing the / (root) path.

[+] skullgiver@popplesburger.hilciferous.nl 2 points 1 year ago* (last edited 11 months ago)

[deleted]

[-] diamond@beehaw.org 2 points 1 year ago

Huh, interesting. It seems that a WS connection to wss://beehaw.org/api/v3/ws works, but not wss://beehaw.org. I remember reading somewhere that the WS API will eventually be removed, though.

I'll continue development w/ the REST API until I feel like it's in a mostly-working state, and then I'll probably subject myself to the WS API after. Working with the REST API does feel a lot easier.