CORS!!!
Discussion
😂
I see allow origin headers in the cdn.stemstr files when I load that track up in stemstr…
I do see a cors error on the parent author’s nip95 request. apparently gmail.com/.well-known/nostr.json doesnt work 😂
nip05*
Here's what curl gives me:
curl -v "https://cdn.stemstr.app/stream/e3d8485d8a8824e4a9426cad727e8661edc6022d34b180d2bbf1ecb1a12f490a.m3u8"
< HTTP/2 200
< content-type: application/x-mpegURL
< content-length: 2537
< date: Thu, 31 Aug 2023 15:28:39 GMT
< last-modified: Thu, 31 Aug 2023 08:21:15 GMT
< etag: "ce0202718b5aaa65fb653f3cc70eee1d"
< x-amz-server-side-encryption: AES256
< x-amz-meta-filename: e3d8485d8a8824e4a9426cad727e8661edc6022d34b180d2bbf1ecb1a12f490a.m3u8
< accept-ranges: bytes
< server: AmazonS3
< vary: Accept-Encoding
< x-cache: Miss from cloudfront
< via: 1.1 e18d3804375a86d48383ad266efc5b0a.cloudfront.net (CloudFront)
< x-amz-cf-pop: LAX50-P5
< x-amz-cf-id: CQlOcko2VB99Nby-1NyEtroni4m3WBtnOcVqEbjCjSRvZI21PP7QNA==
< vary: Origin
circling back - I made some tweaks and I think we’re good.
we’re using cloudfront and it seems they only append CORS headers when there is an origin header? I observed the same behavior testing nostrimg.com resources:
curl -H "Origin: example.com" -v https://cdn.stemstr.app/stream/e3d8485d8a8824e4a9426cad727e8661edc6022d34b180d2bbf1ecb1a12f490a.m3u8 2>&1 >/dev/null | grep "access-control"
< access-control-allow-origin: *
The bane of my existence