Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Networking] Use CORS proxy for all PHP requests #1901

Closed
wants to merge 1 commit into from

Conversation

adamziel
Copy link
Collaborator

Adjusts setupFetchNetworkTransport() to funnel all PHP-sourced network requests through the CORS proxy.

This is intentionally not adding that logic to the fetch event handler in the service worker, as that would also affect all the cross-origin fetch() requests initiated by JavaScript shipped with WordPress plugins.

Related to #85

Changes in this PR

  • Adds a corsProxyUrl option to setupFetchNetworkTransport()
  • Adds the constants required by the CORS proxy to run in the local dev setup
  • Configures the CORS proxy to provide the Access-Control-Allow-Origin headers in the local setup where it's running on a different host.

Concerns

  • Is it too permissive?
  • I built this to turn Playground into an RSS reader with @akirk's Friends plugins. It can fetch the list of feeds as expected, but then it usess SimplePie to parse the feeds and that requires curl which we don't provide in the web version of Playground. PHP: Support http:// https:// and ssl:// stream wrappers #1093 is a blocker for that. I may not be able to prioritize this PR until the blocker is resolved.

Testing changes

TBD

cc @brandonpayton

Adjusts setupFetchNetworkTransport() to funnel all PHP-sourced
network requests through the CORS proxy.

This is intentionally not adding that logic to the `fetch` event handler
in the service worker, as that would also affect all the cross-origin
`fetch()` requests initiated by JavaScript shipped with WordPress
plugins.

 ## Changes in this PR

* Adds a `corsProxyUrl` option to `setupFetchNetworkTransport()`
* Adds the constants required by the CORS proxy to run in the local dev setup
* Configures the CORS proxy to provide the Access-Control-Allow-Origin
  headers in the local setup where it's running on a different host.

 ## Concerns

* Is it too permissive?
* I built this to turn Playground into an RSS reader with @akirk's
  Friends plugins. It can fetch the list of feeds as expected, but then
  it usess SimplePie to parse the feeds and that requires curl which we
  don't provide in the web version of Playground. #1093 is a blocker for
  that. Until that's resolved, I'm not compelled to prioritize this.

 ## Testing changes

TBD
@adamziel adamziel changed the title Remote: Use CORS proxy for all PHP requests [Networking] Use CORS proxy for all PHP requests Oct 15, 2024
@@ -0,0 +1,4 @@
<?php

define('PLAYGROUND_CORS_PROXY_DISABLE_RATE_LIMIT', true);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for accounting for the dev setup, @adamziel. This is something I missed when adding rate-limiting.

@adamziel
Copy link
Collaborator Author

Superseded by #2076

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

2 participants