mina-indexer icon indicating copy to clipboard operation
mina-indexer copied to clipboard

Published 20 hours ago verified publisher icon Granola-Team

GraphQL and REST web endpoints do not allow for CORS

Open nathan-tranquilla opened this issue 1 year ago • 1 comments
trafficstars

Response should contain the following in the response header:

Access-Control-Allow-Origin: *

nathan-tranquilla avatar May 24 '24 17:05 nathan-tranquilla

I enabled this at the Cloudflare layer.

However, I am also planning to enable at the Indexer HTTP server layer.

jhult avatar May 24 '24 21:05 jhult

CORS is already enabled in the indexer: https://github.com/Granola-Team/mina-indexer/blob/main/rust/src/web/mod.rs#L53

trevorbernard avatar May 29 '24 14:05 trevorbernard

CORS is already enabled in the indexer: https://github.com/Granola-Team/mina-indexer/blob/main/rust/src/web/mod.rs#L53

Actually, it is not.

Cors::permissive()

All origins, methods, request headers and exposed headers allowed. Credentials supported. Max age 1 hour. Does not send wildcard.

We need to use this:

Cors::send_wildcard

Configures use of wildcard (*) origin in responses when appropriate.

If send_wildcard is set and the allowed_origins parameter is All, a wildcard Access-Control-Allow-Origin response header is sent, rather than the request’s Origin header.

This option CANNOT be used in conjunction with a credential supported configuration. Doing so will result in an error during server startup.

Defaults to disabled.

jhult avatar May 29 '24 18:05 jhult