no CORS no more

0bcef249 · tom · 091537b9 · 0bcef249 · 0bcef249
Commit 0bcef249 authored Dec 24, 2022 by tom
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 6 deletions

config.ts configs/app/config.ts +1 -0

buildUrl.ts lib/api/buildUrl.ts +15 -6

No files found.
--- a/configs/app/config.ts
+++ b/configs/app/config.ts
@@ -90,6 +90,7 @@ const config = Object.freeze({
    adButlerOn: getEnvValue(process.env.NEXT_PUBLIC_AD_ADBUTLER_ON) === 'true',
  },
  api: {
+    host: apiHost,
    endpoint: apiHost ? `https://${ apiHost }` : 'https://blockscout.com',
    socket: apiHost ? `wss://${ apiHost }` : 'wss://blockscout.com',
    basePath: stripTrailingSlash(getEnvValue(process.env.NEXT_PUBLIC_API_BASE_PATH) || ''),

--- a/lib/api/buildUrl.ts
+++ b/lib/api/buildUrl.ts
@@ -9,13 +9,22 @@ export default function buildUrl(
  pathParams?: Record<string, string>,
  queryParams?: Record<string, string | undefined>,
 ) {
-  // FIXME was not able to figure out how to send CORS with credentials from localhost
-  // so for local development we use nextjs api as proxy server (only!)
-  const baseUrl = appConfig.host === 'localhost' ? appConfig.baseUrl : (resource.endpoint || appConfig.api.endpoint);
+  // FIXME
+  // 1. I was not able to figure out how to send CORS with credentials from localhost
+  //    unsuccessfully tried different ways, even custom local dev domain
+  //    so for local development we have to use next.js api as proxy server
+  // 2. and there is an issue with API and csrf token
+  //    for some reason API will reply with error "Bad request" to any PUT / POST CORS request
+  //    even though valid csrf-token is passed in header
+  //    we also can pass token in request body but in this case API will replay with "Forbidden" error
+  //    @nikitosing said it will take a lot of time to debug this problem on back-end side, maybe he'll change his mind in future :)
+  // To sum up, we are using next.js proxy for all instances where app host is not the same as API host (incl. localhost)
+  // will need to change the condition if there are more micro services that need authentication and DB state changes
+  const needProxy = appConfig.host !== appConfig.api.host;
+
+  const baseUrl = needProxy ? appConfig.baseUrl : (resource.endpoint || appConfig.api.endpoint);
  const basePath = resource.basePath !== undefined ? resource.basePath : appConfig.api.basePath;
-  const path = appConfig.host === 'localhost' ?
-    '/proxy' + basePath + resource.path :
-    basePath + resource.path;
+  const path = needProxy ? '/proxy' + basePath + resource.path : basePath + resource.path;
  const url = new URL(compile(path)(pathParams), baseUrl);

  queryParams && Object.entries(queryParams).forEach(([ key, value ]) => {