gateway: set CORS headers for browser support #2363
Assignees
Labels
Comments
Wondertan
changed the title
|
Ok, RPC is set, we should still test it manually though |
|
If the RPC is setting * that is actually a security vulnerability. The correct way to do this is to add a list of allowed origins to the config. Developers can add * there if they want |
|
Ideally, the port the RPC server listens on should not be exposed to WAN. It can be shared in LAN or within datacenter clusters. Even if there is a rare usecase for remote usage, it's better to filter on the IP firewall level rather than polluting the config with HTTP headers for the gateway. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@smuu was recently hacking on celestia-node and wasn't able to use any of our APIs in the browser because of CORS issues. We should add CORS headers on both gateway and RPC and allow all the origins
The text was updated successfully, but these errors were encountered: