CORS Policy issue #273
-
Hi, I'm using PocketBase's PocketHost doesn't seem to like it though, is there anything I can do at all on the PocketHost side to fix this? |
Beta Was this translation helpful? Give feedback.
Replies: 6 comments 5 replies
-
Since you’re in the code already, take a look at the cors stuff in the ProxyService. Maybe you can send another PR :) |
Beta Was this translation helpful? Give feedback.
-
@benallfree - all I can think of is adding
before we return the handler of the But I have no idea if this would present any security implications on production environments... |
Beta Was this translation helpful? Give feedback.
-
Here's what I could come up with... This certainly fixes the issue stated above (tested locally while running the PocketHost stack). But as I mentioned earlier, I have no idea if there are serious security implications from this. |
Beta Was this translation helpful? Give feedback.
-
@charbs-io I've been thinking about it, and I think it would be okay to use your solution. The PocketHost code is really just a proxy, so I don't see any issue with allowing all headers. |
Beta Was this translation helpful? Give feedback.
-
@benallfree I agree. I had to (temporarily) host my app on Fly.io and my setup had no issues. I've thought about this a bit more too and I think it's fine. Thanks for getting back to me. PR Open. I look forward to moving the hosting to PocketHost once this is done! (My app will also be a good production usecase for pb_hooks on PocketHost - a good way to test it.) |
Beta Was this translation helpful? Give feedback.
-
Was this fixed? It still doesn't work for me |
Beta Was this translation helpful? Give feedback.
@charbs-io I've been thinking about it, and I think it would be okay to use your solution. The PocketHost code is really just a proxy, so I don't see any issue with allowing all headers.
pocketbase
can always deny downstream. Please submit a PR for me to review and I'll push it out asap :)