Replying to Avatar Anthony Accioly

It’s a CORS issue. It’s already fixed in Khatru, but I haven’t had time to update Haven yet. I also want to clean up my changes and add caching to these CORS headers directly in khatru. If nostr:npub1utx00neqgqln72j22kej3ux7803c2k986henvvha4thuwfkper4s7r50e8

doesn’t get to it first, I’ll try to update Haven this weekend. For now, you can enforce the CORS headers in Nginx at the location level (see below). However, I don’t recommend this from a security perspective.

https://haven.accioly.social/7b1004156efc88dd8b1125a3aa50b08cdc4e6b0d0ee68c34e05d2dd80d8b266f.svg

With CORS headers in place, Cloudflare works smoothly on top of Nginx/Docker. Just be careful not to serve videos through Cloudflare as it’s against their ToS. I’ve been there before with my personal Mastodon instance and migrating media to a proper CDN wasn't one of my top 10 favourite activities.

CC: nostr:npub1pt0kw36ue3w2g4haxq3wgm6a2fhtptmzsjlc2j2vphtcgle72qesgpjyc6 , nostr:npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr

Avatar
El Presidento Ben 1y ago

Ok, but a daft question, shouldn't the backend itself make CORS headers configurable? nostr:npub1utx00neqgqln72j22kej3ux7803c2k986henvvha4thuwfkper4s7r50e8

In my repo, I don't even want to install Nginx proxies, because every server operator should be able to configure and start those proxies themselves.

Of course it works with the header-configs from nostr:npub1a6we08n7zsv2na689whc9hykpq4q6sj3kaauk9c2dm8vj0adlajq7w0tyc, but it doesn't look great to open it at location level.

But I can see from the comments that we are apparently working on Haven. Super cool.

Reply to this note

Please Login to reply.

Discussion

Avatar
Anthony Accioly 1y ago

This one is on me Ben. Don't worry, Haven will have proper CORS support OOB soon. I just need some patience as I'm travelling and working on a gazillion other things at the moment and I want to get this right.