You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm using Kenku to provide music to for my (Foundry) VTT-based game in Discord.
Preferrably I'd like to control the music & sounds from within the VTT, which is in theory possible using JavaScript-based Macros that make calls to the Kenku API.
However since fastify does not sent any CORS headers, most if not all current browsers will not allow requests from the domain where my VTT is hosted to localhost where Kenku is running.
I was able to add the required headers by forking the project, but I would prefer it if this possibility could be incorporated into the mainline branch.
From a security point of view, the approach I've taken in my fork (allowing CORS requests from all domains) is quite "quick and dirty". For integrating this into the upstream it should at least be optional (that is, CORS requests have to be enabled explicitly in the API settings) or, even better, have a configurable domain name in the API settings for which CORS requests are allowed.
I would gladly implement the required configuration, but the policy states no feature PRs are accepted so I did not (yet ) see much sense in that.
The text was updated successfully, but these errors were encountered:
Describe the bug
I'm working on Owlbear Rodeo addon for Kenku FM control and can not achieve desirable result without having to do a custom build of Kenku.
I'm facing this bug:
When connecting to my Kenku FM instance from the browser it gives CORS error because there is no cross origin allowed.
To Reproduce
Steps to reproduce the behavior:
Open Kenku FM
Enable Remote control with default settings (127.0.0.1:3333)
Go to https://google.com/
Open developer console
run fetch('http://127.0.0.1:3333/v1/playlist')
Error: Access to fetch at 'http://127.0.0.1:3333/v1/playlist' from origin 'https://www.google.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Expected behavior
Returned list of playlists as specified in documentation
Screenshots
None
Desktop (please complete the following information):
OS: MacOS
Version: Monterey (M1)
Additional context
After I made an adjustment suggested in #62 issue it worked.
Please consider adding flag in setting to allow CORS for integrations.
Hi,
I'm using Kenku to provide music to for my (Foundry) VTT-based game in Discord.
Preferrably I'd like to control the music & sounds from within the VTT, which is in theory possible using JavaScript-based Macros that make calls to the Kenku API.
However since fastify does not sent any CORS headers, most if not all current browsers will not allow requests from the domain where my VTT is hosted to localhost where Kenku is running.
I was able to add the required headers by forking the project, but I would prefer it if this possibility could be incorporated into the mainline branch.
From a security point of view, the approach I've taken in my fork (allowing CORS requests from all domains) is quite "quick and dirty". For integrating this into the upstream it should at least be optional (that is, CORS requests have to be enabled explicitly in the API settings) or, even better, have a configurable domain name in the API settings for which CORS requests are allowed.
I would gladly implement the required configuration, but the policy states no feature PRs are accepted so I did not (yet ) see much sense in that.
The text was updated successfully, but these errors were encountered: