Enable CORS options by default #2188
Comments
|
another option, |
|
Does safari support |
|
Judging by that page, I'd assume no - but honestly I haven't tested it. In our nginx configurations where we set CORS, we'll typically use the normal 3 that are required: Maybe we tailor that list specifically to the methods that Leap actually utilizes. I guess speaking of which, does Leap respond to options requests appropriately with the CORS configuration? I've never directly used CORS via Leap, so I am not sure what the capabilities here are. We've always proxied with nginx. |
|
We set CORS in nginx as well. |
We just ran into what we considered to be a mundane API client fix on the wharfkit/antelope library, but it turns out to break functionality with a large portion of API providers out in the wild.
We added
Content-Type: application/jsonto all of our HTTP POST request. Browsers, following this standard, issue either a OPTIONS request alongside of this - which most API providers automatically route to nodeos. The nodeos APIs don't respond to this request with the default config, and so the API request is terminated.To start moving in a direction where the client SDKs can start using the appropriate content types, I'd propose we set the defaults on these parameters to be open, instead of specifying them:
access-control-allow-origindefault to*access-control-allow-headersdefault to*(or a standard CORS subset)If operators would prefer to have more strict settings, they can then use the config file to override them.
Leap 6 being a hardfork and requiring all nodes to update would be an ideal time for this. It would allow us to fix the library after the release of this next version, without breaking the applications or requiring all API operators to update their nodeos/nginx/etc configurations.
The text was updated successfully, but these errors were encountered: