CORS error when accessing .status on publicServer #226

Open
martybetz opened this issue Nov 2, 2024 · 3 comments

@martybetz

In data/config.json, I set {publicServer:true}. I then ran: galene -insecure -turn 192.168.4.23:1194

So, Galene server and simple examples are now running fine on http://localhost:8443

But my intention is to use it from pages hosted on another local webserver, localhost:7701. I tried to get the simple example/example.html static page working from there. Naturally, in example.js, I needed to use "await start("http://localhost:8443/group/public/");". That's fine.

But then I still get a CORS error when my :7701 hosted js needs to fetch("http://localhost:8443/group/public/.status"). I think there is a bug with CORS access of ".status". It seems webserver/webserver.go fails to set the header for Allow-Origin properly when the requested file is ".status":

By adding the following code into groupStatusHandler(),

conf, err := group.GetConfiguration()
if err != nil {
	httpError(w, err)
	return
}
if conf.PublicServer {
	w.Header().Set("Access-Control-Allow-Origin", "*")
}

everything works perfectly.
Am I doing something wrong? Did I find a bug?
-Marty

@jech
Owner

jech commented Nov 2, 2024

I think you're doing everything right, and you've found a limitation in Galene's administrative interface.

Currently, the publicServer directive allows cross-site access to the videoconferencing protocols (both the native protocol and WHIP). However, it does nothing to the administrative interface.

Do we want to allow cross-site access to the administrative interface when publicServer is set, or should that be controlled by a different directive?

@martybetz
Author

martybetz commented Nov 3, 2024

Ah. That makes sense. Thanks.

I'm not very familiar with WHIP use cases, but for client communication I think allowing a specific CORS origin domain would be valuable, as opposed to rarely desired fully public access. And I could imagine a separate, parallel need for private or open WHIP access.

So, I'm envisioning the config file might allow for something like: ClientCorsAccess: "*" or "http://domain:7701" etc

Again, I'm not an expert, so I'm very open to other perspectives.
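
The per-origin allow-list suggested in the comment above, as an added Go example that is not part of the thread or of Galene's code. The names corsPolicy, statusHandler and probe are hypothetical, and the requests and response body are constructed; an entry of "*" reproduces the wildcard behaviour from the first comment.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// corsPolicy is a hypothetical allow-list (the thread's ClientCorsAccess idea), not a Galene option.
type corsPolicy []string

// allowOrigin returns the Access-Control-Allow-Origin value for a request
// Origin, or "" if none should be sent. Matching is exact, never by prefix.
func (p corsPolicy) allowOrigin(origin string) string {
	if origin == "" {
		return "" // no Origin header: not a cross-origin browser request
	}
	for _, o := range p {
		if o == "*" || o == origin {
			return o
		}
	}
	return ""
}

// statusHandler is a stand-in for a group status endpoint.
func statusHandler(p corsPolicy) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		w.Header().Add("Vary", "Origin") // response differs per Origin
		if v := p.allowOrigin(r.Header.Get("Origin")); v != "" {
			w.Header().Set("Access-Control-Allow-Origin", v)
		}
		fmt.Fprint(w, `{"name":"public"}`) // constructed body
	}
}

// probe sends a constructed request and returns the header a browser checks.
func probe(p corsPolicy, origin string) string {
	r := httptest.NewRequest("GET", "/group/public/.status", nil)
	r.Header.Set("Origin", origin)
	w := httptest.NewRecorder()
	statusHandler(p)(w, r)
	return w.Header().Get("Access-Control-Allow-Origin")
}

func main() {
	p := corsPolicy{"http://localhost:7701"}
	fmt.Printf("%q %q\n", probe(p, "http://localhost:7701"), probe(p, "http://localhost:7701.example"))
}
```

Echoing the matched origin instead of "*" is also what a browser requires if the page ever sends credentials, since the wildcard is rejected for credentialed requests.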

@jech
Owner

jech commented Nov 3, 2024
