Piped instance has modified CORS #1

Closed
FireMasterK opened this issue Apr 27, 2023 · 6 comments

@FireMasterK

Hi there,

Not sure if this is the right place to make issues regarding services.

Could the access-control-allow-origin header please not be modified on the API/backend? It prevents other frontends to Piped's API from using it.

Thanks in advance!

@dr460nf1r3
Member

Hey Kavin,
We are using our new NixOS repo for our infra nowadays, the config for Piped can be found here: https://github.com/garuda-linux/infrastructure-nix/tree/main/nix%2Fdocker-compose%2Fweb-dragon%2Fpiped%2Fconfig

Which changes do you suggest doing in order to improve it? 😊

@FireMasterK
Author

I see, would've made an issue there had I known, apologies!

I would suggest removing these two lines: https://github.com/garuda-linux/infrastructure-nix/blob/05f1858efcca44880d42eca0d4b60d105b7a37f4/nix/web-dragon.nix#L62-L63

This would allow any website to use your API/backend, which is essential for allowing any frontend to use it!

See https://github.com/TeamPiped/Piped#made-with-piped for an idea of other frontends that could use it :)

It also breaks the instance switcher in https://piped.video/preferences, which is also an issue!

Thanks!

@FireMasterK
Author

You also seem to have another issue, where you have two access-control-allow-headers, and access-control-allow-origin headers on https://piped-proxy.garudalinux.org.

dr460nf1r3 added a commit to garuda-linux/infrastructure-nix that referenced this issue Apr 28, 2023
@dr460nf1r3
Member

Interesting, I'm taking a look at this too.

@dr460nf1r3
Member

dr460nf1r3 commented Apr 28, 2023

I had to change it to:

proxy_hide_header Access-Control-Allow-Origin;
add_header Access-Control-Allow-Origin "*" always;

in order to allow video play on the web interface. While Libretube worked flawlessly, I noticed videos were not playing on the page. The console reported the removed header as missing. Would this still be fine for the use cases you mentioned? @FireMasterK

@FireMasterK
Author

You could actually remove those lines too since the proxy actually adds those headers now! (The old one in Golang didn't)
But this would also work!

You still have a duplicate access-control-allow-headers header, but browsers don't seem to complain about it, so I guess that's fine.

Thanks for fixing the issues!
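
Added example, not part of the thread or of either project's code: a small checker for the duplicate CORS headers discussed above, which shows why a repeated `Access-Control-Allow-Origin` breaks browser clients while a repeated `Access-Control-Allow-Headers` is tolerated. The sample responses and the origin `https://frontend.example` are constructed for illustration.

```python
from collections import defaultdict

# Single-valued: a repeat makes the browser's CORS check fail.
SINGLE_VALUED = {"access-control-allow-origin", "access-control-allow-credentials"}
# List-valued: browsers merge repeats into one comma-separated list.
LIST_VALUED = {"access-control-allow-headers", "access-control-allow-methods"}

# Constructed sample: upstream and reverse proxy both add CORS headers.
DUPLICATED = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Access-Control-Allow-Origin: *",
    "Access-Control-Allow-Headers: *",
    "Access-Control-Allow-Origin: *",
    "Access-Control-Allow-Headers: *",
    "", ""])
# Constructed sample: one Allow-Origin left, Allow-Headers still repeated.
AFTER_FIX = DUPLICATED.replace("Access-Control-Allow-Origin: *\r\n", "", 1)


def parse_headers(raw):
    """Collect every value of every header, keyed by lower-cased name."""
    seen = defaultdict(list)
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            seen[name.strip().lower()].append(value.strip())
    return seen


def audit_cors(raw, origin):
    """Return (severity, message) findings for one response's CORS headers."""
    seen = parse_headers(raw)
    findings = []
    for name in sorted(SINGLE_VALUED | LIST_VALUED):
        values = seen.get(name, [])
        if len(values) > 1:
            sev = "error" if name in SINGLE_VALUED else "warn"
            findings.append((sev, f"{name} sent {len(values)} times"))
    # Repeats are joined with ", " before comparison, so "*, *" matches no origin.
    acao = ", ".join(seen.get("access-control-allow-origin", []))
    if acao not in ("*", origin):
        findings.append(("error", f"{origin} not allowed, effective value {acao!r}"))
    return findings

if __name__ == "__main__":
    for label, raw in (("duplicated", DUPLICATED), ("after fix", AFTER_FIX)):
        print(label, audit_cors(raw, "https://frontend.example"))
```

To audit a live endpoint, pass the raw header block from a saved response (for example the output of `curl -sI`) as `raw`.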
