Replying to Avatar ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago 💬 1

https://cors-test.codehappy.dev/?url=https%3A%2F%2Futxo.one%2F.well-known%2Fnostr.json%3Fname%3D_&origin=https%3A%2F%2Fcors-test.codehappy.dev%2F&method=get

they are saying it will pass but it's mising a header:

mine:

yours:

Reply to this note

Please Login to reply.

Discussion

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago 💬 1

ahaha back to front...

yours has only the wildcard, mine also has the methods field

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago 💬 2

nostr:npub1ye5ptcxfyyxl5vjvdjar2ua3f0hynkjzpx552mu5snj3qmx5pzjscpknpr

is it strict CORS to only accept the wildcard if the methods are specified?

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

also, yes in my code i strictly sanitize it so it is just json, if not it won't serve it, so there's no way a malicious intrusion could rewrite the file and put javascript code into it

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

also wen subscription access