the final boss in getting the blossom server on ORLY? working turns out to be CORS
Access to fetch at 'https://test.orly.dev/upload' from origin 'https://jumble.social' has been blocked by CORS policy: Request header field x-sha-256 is not allowed by Access-Control-Allow-Headers in preflight response.
IIRC, there’s a weird interaction where Chrome will reject your CORS request if you try to include credentials and the Access-Control-Allow-Origin is set to ‘*’.
To perform a credentialed CORS request, the header has to name an origin. So the workaround tends to be to accept an origin parameter somehow (URL parameter, request header), then, server side, use this value to populate the Access-Control-Allow-Origin header in your server response.
That way, the preflight succeeds enough to get to the actual request.
ah. well, i guess since that doesn't apply to nostr auth, but yes i bumped into that combo one time a ways back
oh yeah, and, it turned out it was something amiss with my reverse proxy `reverse` as well as related to the relay's http header handling. that plus the miserable internet speed i get here and the relay's sync doing crazy stuff...
was actually lots of fixes as well as getting the blossom working
