Web devs: How do you handle CORS for local testing?

For Developers
1

I use Firefox for testing of my local ASU server and LuCI changes, from various local test devices. Since both ends are on the same domain, I get cross origin errors as expected. What's your favorite way or best practice for selectively suppressing these errors?

I'd like to restrict any CORS suppression to just my local domain/subnet, as I'm forgetful and if I turn it off globally, I'm likely to not reset it and that would be bad.

Here's an attempt to get updates in Attended Sysupgrade:

  • Host running firefox is a Win10 bare metal box at 10.1.1.186
  • https://apk is the router running LuCI at 10.1.1.22
  • ASU server is http://10.1.1.207 at port 8000

image
image1552×755 49.1 KB

2

Add extra nginx or apache to edit headers

3

Yeah, that's probably the best way but I'm trying to be lazy.:grinning_face:

I think we're using caddy on the production server, so there's already a proper config file for that. https://github.com/openwrt/asu/blob/main/misc/Caddyfile

1 Like
4

You can (regex)-match client_ip and not have one or other parameter, like run extra api on loopback.

1 Like