Skip to content

Add deploy workflow for standalone CORS proxy #2022

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Dec 3, 2024
Merged

Add deploy workflow for standalone CORS proxy #2022

merged 6 commits into from
Dec 3, 2024

Conversation

brandonpayton
Copy link
Member

Motivation for the change, related issues

It is likely that some folks will attempt to abuse the CORS proxy, and if they succeed despite our defensive measures, we would like to limit the risk of that abuse being associated with the Playground web app itself. Let's separate the CORS proxy from the web app.

Implementation details

This PR adds a workflow to deploy the CORS proxy to a dedicated host.

We need to help folks transition from the CORS proxy on playground.wordpress.net to the proxy on the dedicated host. We could even consider keeping a more restricted version of the proxy on playground.wordpress.net, though having two instances would likely be confusing.

Testing Instructions (or ideally a Blueprint)

  • Manually run the deployment workflow and confirm that the CORS proxy works on the dedicated host.

@brandonpayton brandonpayton self-assigned this Nov 23, 2024
@brandonpayton brandonpayton requested a review from a team November 23, 2024 05:21
@brandonpayton brandonpayton mentioned this pull request Nov 23, 2024
Merged
@adamziel
Copy link
Collaborator

LGTM @brandonpayton, what is the next step here?

@brandonpayton brandonpayton marked this pull request as ready for review December 3, 2024 21:30
@brandonpayton
Copy link
Member Author

LGTM @brandonpayton, what is the next step here?

Thank you for looking, @adamziel. I did a bit more to tighten this up for merging. Now let's go ahead and merge so we can manually trigger a run and test it.

@brandonpayton brandonpayton merged commit 51db66a into trunk Dec 3, 2024
6 checks passed
@brandonpayton brandonpayton deleted the add-separate-cors-proxy-deployment branch December 3, 2024 21:45
@brandonpayton brandonpayton mentioned this pull request Dec 4, 2024
Closed
brandonpayton added a commit that referenced this pull request Dec 4, 2024
@brandonpayton
Restore CORS support to CORS proxy (#2023)
f77ea88 
## Motivation for the change, related issues

We want to move the CORS proxy to a separate host from
playground.wordpress.net. In order to continue using the proxy from
playground.wordpress.net, the CORS proxy needs to support cross-origin
requests to itself.

## Implementation details

This PR updates the CORS proxy to again respond with CORS-related
headers for supported origins. Currently, supported origins are
"https://playground.wordpress.net" and local origins based on
"127.0.0.1" and "localhost".

## Testing Instructions (or ideally a Blueprint)

- Once #2022 is merged, deploy this branch to the dedicated CORS proxy
host.
- Create a Blueprint that uses the dedicated CORS proxy host.
- Confirm the Blueprint works with playground.wordpress.net.
- Confirm the Blueprint works with the local dev server.
@adamziel adamziel mentioned this pull request May 30, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@brandonpayton brandonpayton

Labels
[Package][@wp-playground] CORS Proxy
Projects
No open projects
Playground Board
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@brandonpayton @adamziel