Missing CORS prevents third-party web clients
![](https://beehaw.org/pictrs/image/3edbcaf8-81df-4666-97c9-7fa11f4cfe77.png)
![](https://beehaw.org/pictrs/image/b101eefc-9ec4-4c03-8913-78a4ebacd206.png)
Hey Beehaw mods!
I'm currently working on a Lemmy web client, but the lack of proper CORS headers is preventing anything from working :(
I just wanted to ask if the appropriate CORS headers could be added to the front-facing proxy layer. If you're using Caddy, I believe something like this should do the trick:
reverse_proxy ... {
header_down Access-Control-Allow-Origin *
header_down Access-Control-Allow-Methods *
header_down Access-Control-Allow-Headers *
}
Relevant issue: https://github.com/LemmyNet/lemmy/issues/3109
You are viewing a single comment
Websocket handshakes are done over HTTP. The endpoint for Beehaw's WS API would be
wss://beehaw.org/
, so it's still going to use the same CORS policies as accessing the/
(root) path.