Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build with wasm target works, but fail to run because CORS #167

Open
derust opened this issue Oct 9, 2021 · 4 comments
Open

build with wasm target works, but fail to run because CORS #167

derust opened this issue Oct 9, 2021 · 4 comments

Comments

@derust
Copy link

derust commented Oct 9, 2021

Access to fetch at 'https://api.cloudflare.com/client/v4/zones' from origin 'http://lo:8000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Do api.cloudflare.com have any setting to bypass CORS restriction?

@nilslice
Copy link
Contributor

@derust - I will check with the API team internally and see if this is intentional, or a configuration on a per-endpoint basis. Thanks for reporting, and sorry for the delay!

If this is blocking you, would it be possible in your system to add a Cloudflare Worker as a minimal proxy between your client and the Cloudflare API?

@jacobbednarz
Copy link
Member

👋 we don't currently have CORS support on the API but i'd be interested in how you were thinking about doing this because if you need CORS, that also means you're doing this in the frontend/browser and exposing your credentials at the same time (as all the endpoints are authenticated). If you're using a frontend/backend combo, you'll want to move this to the backend and have it make the requests working around the need for CORS.

@derust
Copy link
Author

derust commented Oct 29, 2021

@nilslice
thank you, I already do that

@jacobbednarz
the use case is:
I was made a SPA to help users manage their resources,
specifically, an acme-client running in browser, which use cloudflare dns api handle DNS01 challenge.

the credentials is saved locally and never leaves users browser

If there is no CORS restriction , the wasm version of this crate will be more useful

@jacobbednarz
Copy link
Member

thanks, i'll add a note to our internal ticket of your use case but i can't guarantee whether this will change or provide an ETA on when this will land if it's decided on.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants