Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix CORS development environment issue #175

Open
leela-solomon opened this issue Jan 30, 2025 · 2 comments
Open

Fix CORS development environment issue #175

leela-solomon opened this issue Jan 30, 2025 · 2 comments
Assignees
@amnak613
Labels
front end

Comments

@leela-solomon
Copy link
Collaborator

leela-solomon commented Jan 30, 2025
edited by nickvisut
Loading

@amnak613 identified that we need to account for browser same-origin policy when making client-side API calls (http://localhost:3000 to http://localhost:8000) while working on her branch. This issue is a barrier to testing client-side API calls locally.

The issue is due to not having the origins not being the same and is often solved with a CORS header that gives permission to http://localhost:3000.

Note

NOTE: the plan is for preview and production deployments to use the same origin (host and port), so this issue doesn't currently apply in that scenario. It only currently applies in the dev environment scenario. However, it's possible that the aforementioned deployments could use different origins in the future.

EDIT: Added some technical info for reference in comments: #175 (comment)
@mantuok mantuok removed the status in QuakeSafe Project Jan 30, 2025
@mantuok mantuok moved this to Todo in QuakeSafe Project Jan 30, 2025
@mantuok mantuok assigned amnak613 and unassigned nickvisut and mantuok Jan 30, 2025
@mantuok mantuok moved this from Todo to In Progress in QuakeSafe Project Jan 30, 2025
@nickvisut
Copy link
Collaborator

Adding some technical info that's been gathered for reference:

There are several known methods for addressing the issue (including the CORS header mentioned above), three of which are listed below:

  1. add a CORS header to the API that checks if the HTTP origin is in the list of allowed origins (in our case, development environment origins like http://localhost:3000); for FastAPI, see their docs for implementation details
  2. have dev temporarily run browser without CORS enabled (see https://www.junian.net/dev/safari-disable-cors/, https://stackoverflow.com/questions/4556429/disabling-same-origin-policy-in-safari)
  3. proxy app and/or API so that the origins are the same

There are various pros and cons to diff approaches discussed in this Slack thread.

amnak613 added a commit that referenced this issue Feb 2, 2025
@amnak613
#175 Update cors middleware (#184)
ed1cf46 
* updated cors middleware

* resolved cors error
@nickvisut
Copy link
Collaborator

This is partially fixed by #184, but there's some configuration that appears to be missing (from eg, ucicorn.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@amnak613 amnak613

Labels
front end
Projects
QuakeSafe Project
Status: In Progress
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nickvisut @mantuok @leela-solomon @amnak613