Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CORS problems when anywhere other than localhost #7

Open
gdunstone opened this issue Jun 23, 2021 · 7 comments
Open

CORS problems when anywhere other than localhost #7

gdunstone opened this issue Jun 23, 2021 · 7 comments

Comments

@gdunstone
Copy link
Contributor

When hosting this on anything other than localhost, I get CORS errors when viewing a show.

I get CORS Missing Allow Origin.

I dont think that doing the API requests from the browser is the best idea. The server app should also act as a proxy for the browsers API calls.
@king-millez
Copy link
Member

That's most likely a header issue in the XHR request, I can fix that at some point.

Doing the API calls from the browser compared to the server would make no difference I'm pretty sure, it'd just slow the application down if I ever host it on a domain.

@gdunstone
Copy link
Contributor Author

the Origin header is a protected header, in-browser JavaScript wont let you change it.

Slowing it down slightly is an acceptable tradeoff for having more control over the requests that are sent to the api.

@king-millez
Copy link
Member

Could you paste the request (including headers) + the response error from devtools here please?

@gdunstone
Copy link
Contributor Author

Request headers:

GET /auth/hls/sign?ts=1624600569&hn=TASM202013384710&d=android-tablet&sig=f1fed20debd388c56eb7c8cf8cd6831a1ee1828744a75694f7a4cb653991a651 HTTP/1.1
Host: iview.abc.net.au
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://iview.dunwell.xyz
DNT: 1
Connection: keep-alive
Referer: https://iview.dunwell.xyz/
Pragma: no-cache
Cache-Control: no-cache

Response headers:

app: iview-api-production-i-0b3ec9f691b083bdb
content-encoding: gzip
content-type: application/json
env: production
server: nginx/1.18.0 (Ubuntu)
ssl: 1
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-robots-tag: noindex
x-server: iview-api-production-i-0b3ec9f691b083bdb
x-xss-protection: 1; mode=block
content-length: 107
expires: Fri, 25 Jun 2021 05:56:10 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Fri, 25 Jun 2021 05:56:10 GMT
set-cookie: ABCGuestID=23.32.5.161.154751624600570942; expires=Mon, 31-Dec-2038 23:59:59 GMT; path=/; domain=.abc.net.au
vary: Accept-Encoding, Origin
X-Firefox-Spdy: h2

@king-millez
Copy link
Member

Oh so the browser's giving you the error - not the iView site?

@gdunstone
Copy link
Contributor Author

Yeah because the browser is making the request and the iview api has strict Cors

@gdunstone
Copy link
Contributor Author

I fixed this in my branch here: https://github.com/gdunstone/iview-proxy/tree/proxy-requests

Ill create a pull request once my other pr is accepted.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gdunstone @king-millez