Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cors? #98

Closed
inginheiiro opened this issue Sep 15, 2022 · 3 comments · Fixed by #99
Closed

Cors? #98

inginheiiro opened this issue Sep 15, 2022 · 3 comments · Fixed by #99

Comments

@inginheiiro
Copy link

Cors not enabled?
@TomWright
Copy link
Owner

TomWright commented Sep 26, 2022
edited
Loading

It should be easy enough to enable CORS headers here.

I'm wondering if we'd want this to be configurable? A fixed */origin value in the header, should the header always be sent etc. Any input would be appreciated

@inginheiiro
Copy link
Author

I would go to a header like you proposed. (simple way)
Another option could be to "provide" a config file (yml/json/...) to configure the cors origins + access....

@TomWright TomWright linked a pull request Sep 29, 2022 that will close this issue
Add --allow-all-origins arg #99
Merged
@TomWright
Copy link
Owner

This is resolved as of the latest version. --allow-all-origins defaults to false from the executable but is enabled in the docker image.

Request sent with no origin set:

$ curl --location --request GET -v 'http://localhost:80/generate?data=graph%20LR%0A%0A%20%20%20%20A--%3EB%0A%20%20%20%20B--%3EC%0A%20%20%20%20C--%3ED%0A%20%20%20%20C--%3EF%0A'
Note: Unnecessary use of -X or --request, GET is already inferred.
*   Trying 127.0.0.1:80...
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /generate?data=graph%20LR%0A%0A%20%20%20%20A--%3EB%0A%20%20%20%20B--%3EC%0A%20%20%20%20C--%3ED%0A%20%20%20%20C--%3EF%0A HTTP/1.1
> Host: localhost
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Access-Control-Allow-Origin: *
< Content-Type: image/svg+xml
< Date: Thu, 29 Sep 2022 15:33:14 GMT
< Transfer-Encoding: chunked
<
...

Request sent with origin header:

$ curl --location --request GET -H 'Origin: http://tomwright.me' -v 'http://localhost:80/generate?data=graph%20LR%0A%0A%20%20%20%20A--%3EB%0A%20%20%20%20B--%3EC%0A%20%20%20%20C--%3ED%0A%20%20%20%20C--%3EF%0A'
Note: Unnecessary use of -X or --request, GET is already inferred.
*   Trying 127.0.0.1:80...
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /generate?data=graph%20LR%0A%0A%20%20%20%20A--%3EB%0A%20%20%20%20B--%3EC%0A%20%20%20%20C--%3ED%0A%20%20%20%20C--%3EF%0A HTTP/1.1
> Host: localhost
> User-Agent: curl/7.79.1
> Accept: */*
> Origin: http://tomwright.me
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Access-Control-Allow-Origin: http://tomwright.me
< Content-Type: image/svg+xml
< Date: Thu, 29 Sep 2022 15:35:22 GMT
< Transfer-Encoding: chunked
<

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add --allow-all-origins arg TomWright/mermaid-server
2 participants
@TomWright @inginheiiro