101010.pl

just small circles 🕊TIL that <a href="https://social.coop/tags/CORS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CORS</a> also stands for "cat–owner relationship scale". Delightful.<a href="https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0324016" rel="nofollow noopener" translate="no" target="_blank">https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0324016</a><a href="https://social.coop/tags/cats" class="mention hashtag" rel="nofollow noopener" target="_blank">#cats</a> <a href="https://social.coop/tags/catsofmastodon" class="mention hashtag" rel="nofollow noopener" target="_blank">#catsofmastodon</a>

Lanie Molinar Carmelo🚨 Help Needed: <a href="https://allovertheplace.ca/tags/CORS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CORS</a> and <a href="https://allovertheplace.ca/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cloudflare</a> Access Issues with <a href="https://allovertheplace.ca/tags/Nextflux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Nextflux</a> + <a href="https://allovertheplace.ca/tags/MiniFlux" class="mention hashtag" rel="nofollow noopener" target="_blank">#MiniFlux</a> Setup 🚨Hi everyone! I’m struggling with a <a href="https://allovertheplace.ca/tags/SelfHosted" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHosted</a> setup and could really use some advice from the self-hosting community. Lol I've been trying to figure this out for hours with no luck. Here’s my situation:Setup<ul><li>MiniFlux: Running in <a href="https://allovertheplace.ca/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#Docker</a> on a <a href="https://allovertheplace.ca/tags/RaspberryPi500" class="mention hashtag" rel="nofollow noopener" target="_blank">#RaspberryPi500</a> (<a href="https://allovertheplace.ca/tags/Stormux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Stormux</a>, based on <a href="https://allovertheplace.ca/tags/ArchLinuxARM" class="mention hashtag" rel="nofollow noopener" target="_blank">#ArchLinuxARM</a>).</li><li>Nextflux: Hosted on Cloudflare Pages.</li><li>Reverse Proxy: <a href="https://allovertheplace.ca/tags/Caddy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Caddy</a> (installed via AUR).</li><li>Cloudflare Access: Enabled for security and SSO.</li><li>Cloudflared: Also installed via AUR.</li><li>CORS Settings in Cloudflare Access: Configured to allow all origins, methods, and headers.</li></ul>What’s Working<ul><li>MiniFlux is accessible from my home network after removing restrictive CORS settings in both Caddy and MiniFlux.</li><li>Nextflux is properly deployed on Cloudflare Pages.</li></ul>The ProblemNextflux cannot connect to MiniFlux due to persistent CORS errors and authentication issues with Cloudflare Access. Here are the errors I’m seeing in the browser console:<ol><li>CORS Error:<code>Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' from origin 'https://nextflux.laniecarmelo.tech' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.</code></li><li>Cloudflare Access Redirection:<pre><code>Request redirected to 'https://lifeofararebird.cloudflareaccess.com/cdn-cgi/access/login/rss.laniecarmelo.tech'. </code></pre></li><li>Failed to Fetch:<pre><code>Failed to fetch: TypeError: Failed to fetch. </code></pre></li></ol>What I’ve Tried<ol><li>Service Token Authentication:<ul><li>Generated a service token in Cloudflare Access for Nextflux.</li><li>Added <code>CF-Access-Client-Id</code> and <code>CF-Access-Client-Secret</code> headers in Caddy for <code>rss.laniecarmelo.tech</code>.</li><li>Updated Cloudflare Access policies to include a bypass rule for this service token.</li></ul></li><li>CORS Configuration:<ul><li>Tried permissive settings (<code>Access-Control-Allow-Origin: *</code>) in both Caddy and MiniFlux.</li><li>Configured Cloudflare Access CORS settings to allow all origins, methods, and headers.</li></ul></li><li>Policy Adjustments:<ul><li>Created a bypass policy for my home IP range and public IP.</li><li>Added an "Allow" policy for authenticated users via email/login methods.</li></ul></li><li>Debugging Logs:<ul><li>Checked Cloudflared logs, which show requests being blocked due to missing access tokens (<code>AccessJWTValidator</code> errors).</li></ul></li></ol>Current StateDespite these efforts:<ul><li>Requests from Nextflux are still being blocked by Cloudflare Access or failing due to CORS issues.</li><li>The browser console consistently shows "No 'Access-Control-Allow-Origin' header" errors.</li></ul>Goals<ol><li>Allow Nextflux (hosted on Cloudflare Pages) to connect seamlessly to MiniFlux (behind Cloudflare Access).</li><li>Maintain secure access to MiniFlux for other devices (e.g., my home network or mobile devices).</li></ol>My Environment<ul><li>Raspberry Pi 500 running Arch Linux ARM.</li><li>Both Caddy and Cloudflared are installed via AUR packages.</li><li>MiniFlux is running in Docker with the following environment variables:<code>CLOUDFLARE_SERVICE_AUTH_ENABLED=trueCLOUDFLARE_CLIENT_ID=<client-id>CLOUDFLARE_CLIENT_SECRET=<client-secret></code></li></ul>Relevant LogsFrom <code>cloudflared</code>:<pre><code>ERR error="request filtered by middleware handler (AccessJWTValidator) due to: no access token in request" </code></pre>From the browser console:<pre><code>Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' has been blocked by CORS policy. </code></pre>Questions<ol><li>Is there a better way to configure CORS for this setup?</li><li>Should I be handling authentication differently between Nextflux and MiniFlux?</li><li>How can I ensure that requests from Nextflux include valid access tokens?</li></ol>Any help or advice would be greatly appreciated! 🙏<a href="https://allovertheplace.ca/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHosting</a> <a href="https://allovertheplace.ca/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cloudflare</a> <a href="https://allovertheplace.ca/tags/CaddyServer" class="mention hashtag" rel="nofollow noopener" target="_blank">#CaddyServer</a> <a href="https://allovertheplace.ca/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#Docker</a> <a href="https://allovertheplace.ca/tags/RSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#RSS</a> <a href="https://allovertheplace.ca/tags/CORS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CORS</a> <a href="https://allovertheplace.ca/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://allovertheplace.ca/tags/ArchLinuxARM" class="mention hashtag" rel="nofollow noopener" target="_blank">#ArchLinuxARM</a> <a href="https://allovertheplace.ca/tags/CloudflarePages" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudflarePages</a> <a href="https://allovertheplace.ca/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#tech</a> <a href="https://allovertheplace.ca/tags/technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#technology</a>

Aditya TelangeCORS<a href="https://mastodon.social/tags/CORS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CORS</a> <a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://mastodon.social/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#appsec</a>

Felix Palmen :freebsd: :c64:Ok I guess I'll have to give up again quite quickly 😦 <a href="https://mastodon.bsd.cafe/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> <a href="https://mastodon.bsd.cafe/tags/Teams" class="mention hashtag" rel="nofollow noopener" target="_blank">#Teams</a> is broken for me as soon as I disable <a href="https://mastodon.bsd.cafe/tags/IPv4" class="mention hashtag" rel="nofollow noopener" target="_blank">#IPv4</a>. From what I could understand in this horrible mess of a "web app", the reason is probably some <a href="https://mastodon.bsd.cafe/tags/CORS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CORS</a> error. I have no idea how that could ever be related to <a href="https://mastodon.bsd.cafe/tags/IPv6" class="mention hashtag" rel="nofollow noopener" target="_blank">#IPv6</a> or <a href="https://mastodon.bsd.cafe/tags/NAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#NAT</a> or anything. Tried temporarily disabling <a href="https://mastodon.bsd.cafe/tags/NAT64" class="mention hashtag" rel="nofollow noopener" target="_blank">#NAT64</a> (to force direct v6 connections), tried adding all of Microsofts v6 networks to the "exclude" option of bind9 to have everything pass <a href="https://mastodon.bsd.cafe/tags/NAT64" class="mention hashtag" rel="nofollow noopener" target="_blank">#NAT64</a> *avoiding* native IPv6, tried several ways to disable CORS, nothing helped. 🤬 Anyone know about these issues with teams?edit: to clarify, "everything" seems to work except for the main purpose: join an actual call ...

Roberto B.🚨 CORS error blocking your Laravel API? 🚨If your frontend and Laravel backend are on different domains, you’ve probably hit the dreaded CORS policy error. Don’t let it break your app! Learn how to configure your Laravel application to allow cross-origin requests, and get your API running smoothly.🔧 Fix it now: <a href="https://dev.to/robertobutti/resolve-blocked-by-cors-policy-no-access-control-allow-origin-in-laravel-kp1" rel="nofollow noopener" translate="no" target="_blank">https://dev.to/robertobutti/resolve-blocked-by-cors-policy-no-access-control-allow-origin-in-laravel-kp1</a><a href="https://phpc.social/tags/cors" class="mention hashtag" rel="nofollow noopener" target="_blank">#cors</a> <a href="https://phpc.social/tags/php" class="mention hashtag" rel="nofollow noopener" target="_blank">#php</a> <a href="https://phpc.social/tags/laravel" class="mention hashtag" rel="nofollow noopener" target="_blank">#laravel</a> <a href="https://phpc.social/tags/headers" class="mention hashtag" rel="nofollow noopener" target="_blank">#headers</a> <a href="https://phpc.social/tags/http" class="mention hashtag" rel="nofollow noopener" target="_blank">#http</a> <a href="https://phpc.social/tags/tutorial" class="mention hashtag" rel="nofollow noopener" target="_blank">#tutorial</a>

ParsingphaseLooks like I snuck in a <a href="https://m.phase.org/tags/lifer" class="mention hashtag" rel="nofollow noopener" target="_blank">#lifer</a> between the whales and dolphins. Cory's Shearwater, 15 miles off Gloucester MA this morning. <a href="https://m.phase.org/tags/CORS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CORS</a> <a href="https://m.phase.org/tags/Birds" class="mention hashtag" rel="nofollow noopener" target="_blank">#Birds</a> <a href="https://m.phase.org/tags/CorysShearwater" class="mention hashtag" rel="nofollow noopener" target="_blank">#CorysShearwater</a>

jub0bs😇 With jub0bs/cors v0.2.0, you can now reconfigure your CORS middleware on the fly, even as the middleware is processing requests.<a href="https://jub0bs.com/posts/2024-05-14-reconfigurable-cors-middleware/" rel="nofollow noopener" translate="no" target="_blank">https://jub0bs.com/posts/2024-05-14-reconfigurable-cors-middleware/</a><a href="https://infosec.exchange/tags/golang" class="mention hashtag" rel="nofollow noopener" target="_blank">#golang</a> <a href="https://infosec.exchange/tags/cors" class="mention hashtag" rel="nofollow noopener" target="_blank">#cors</a>

jub0bsHi Gophers! If you're tired of being frustrated by CORS, I've got just the remedy. 💊 <a href="https://jub0bs.com/posts/2024-04-27-jub0bs-cors-a-better-cors-middleware-library-for-go/" rel="nofollow noopener" translate="no" target="_blank">https://jub0bs.com/posts/2024-04-27-jub0bs-cors-a-better-cors-middleware-library-for-go/</a><a href="https://infosec.exchange/tags/cors" class="mention hashtag" rel="nofollow noopener" target="_blank">#cors</a> <a href="https://infosec.exchange/tags/golang" class="mention hashtag" rel="nofollow noopener" target="_blank">#golang</a>

Alcea<a href="https://corteximplant.com/@revengeday" class="u-url mention" rel="nofollow noopener" target="_blank">@revengeday</a> So much yes !It defeats the evil <a href="https://mstdn.animexx.de/tags/cors" class="mention hashtag" rel="nofollow noopener" target="_blank">#cors</a> and is afraid of nothing

LampWtf, the same request copied as fetch fails on cors, why? Is it because they load it on <img> tag, and <a class="hashtag" href="https://kitty.haus/tag/js" rel="nofollow noopener" target="_blank">#js</a> has different policy with <a class="hashtag" href="https://kitty.haus/tag/cors" rel="nofollow noopener" target="_blank">#cors</a>?

Guillaume Laforge<a href="https://uwyn.net/tags/CORS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CORS</a>... 😩

Vincent TunruUseful trick shared by <a href="https://infosec.exchange/@dveditz" class="u-url mention" rel="nofollow noopener" target="_blank">@dveditz</a>: when debugging <a href="https://fosstodon.org/tags/CORS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CORS</a> issues, you can get some helpful information in the console using document.body.addEventListener( "securitypolicyviolation", (e) => { console.log(e) } )For more info, see <a href="https://developer.mozilla.org/en-US/docs/Web/API/SecurityPolicyViolationEvent" rel="nofollow noopener" target="_blank">https://developer.mozilla.org/en-US/docs/Web/API/SecurityPolicyViolationEvent</a>

jub0bsIf performance matters to you, which <a href="https://infosec.exchange/tags/CORS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CORS</a> library for <a href="https://infosec.exchange/tags/golang" class="mention hashtag" rel="nofollow noopener" target="_blank">#golang</a> would you rather use? 😇 <a href="https://github.com/jub0bs/fcors-benchmarks" rel="nofollow noopener" translate="no" target="_blank">https://github.com/jub0bs/fcors-benchmarks</a>

jub0bs🚀 Release of v0.5.1 of jub0bs/fcors, the most opinionated <a href="https://infosec.exchange/tags/CORS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CORS</a> middleware library for <a href="https://infosec.exchange/tags/golang" class="mention hashtag" rel="nofollow noopener" target="_blank">#golang</a>: - improved documentation - minor performance gains <a href="https://github.com/jub0bs/fcors" rel="nofollow noopener" translate="no" target="_blank">https://github.com/jub0bs/fcors</a>

Marcel Waldvogel 🔜 WHYI have been working with <a href="https://waldvogel.family/tags/CORS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CORS</a> for some time now. But today I finally found this great resource and it greatly reduced the amount of confusion I still had about cross-origin requests. (Also a great resource to experiment.) <a href="https://waldvogel.family/tags/WebDev" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebDev</a> <a href="https://jakearchibald.com/2021/cors/" rel="nofollow noopener" target="_blank">https://jakearchibald.com/2021/cors/</a>

@reiver ⊼ (Charles) :batman:Some of the <a href="https://mastodon.social/tags/Fediverse" class="mention hashtag" rel="nofollow noopener" target="_blank">#Fediverse</a> software is not setting <a href="https://mastodon.social/tags/CORS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CORS</a> headers for their <a href="https://mastodon.social/tags/Atom" class="mention hashtag" rel="nofollow noopener" target="_blank">#Atom</a> & <a href="https://mastodon.social/tags/RSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#RSS</a> <a href="https://mastodon.social/tags/WebFeed" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebFeed</a>They should. But they aren't....Adding <a href="https://mastodon.social/tags/CORS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CORS</a> headers makes it so Atom & RSS WebFeeds can be pulled at the client end (and doesn't have to run through a server).If you care about <a href="https://mastodon.social/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> , you should care about this. As not having it have to run through a server protects privacy more....For example, the Atom & RSS WebFeeds should have this CORS header:Access-Control-Allow-Origin: *

Tad LispyDoes anyone know of a free (as in beer 🍻 ) text snippet hosting service that sets the CORS headers to allow GET requests from any origin? The reason to ask is that I'm working on a web game where levels can be created by other people as text and loaded from 3rd party websites. Now I want to write simple instructions for not very technical people to be able to extend the game. They will need a way to host their levels somewhere.<a href="https://chaos.social/tags/HTTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#HTTP</a> <a href="https://chaos.social/tags/CORS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CORS</a> <a href="https://chaos.social/tags/AccessControl" class="mention hashtag" rel="nofollow noopener" target="_blank">#AccessControl</a> <a href="https://chaos.social/tags/Hosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hosting</a> <a href="https://chaos.social/tags/Web" class="mention hashtag" rel="nofollow noopener" target="_blank">#Web</a> <a href="https://chaos.social/tags/Collaboration" class="mention hashtag" rel="nofollow noopener" target="_blank">#Collaboration</a> <a href="https://chaos.social/tags/GameDev" class="mention hashtag" rel="nofollow noopener" target="_blank">#GameDev</a>

Tarnkappe.info📬 Samsung: Sicherheitslücke im Galaxy Store lässt Malware herein <a href="https://social.tchncs.de/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hacking</a> <a href="https://social.tchncs.de/tags/CORS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CORS</a> <a href="https://social.tchncs.de/tags/CrossSiteScripting" class="mention hashtag" rel="nofollow noopener" target="_blank">#CrossSiteScripting</a> <a href="https://social.tchncs.de/tags/Deeplinks" class="mention hashtag" rel="nofollow noopener" target="_blank">#Deeplinks</a> <a href="https://social.tchncs.de/tags/GalaxyStore" class="mention hashtag" rel="nofollow noopener" target="_blank">#GalaxyStore</a> <a href="https://social.tchncs.de/tags/SamsungGalaxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#SamsungGalaxy</a> <a href="https://social.tchncs.de/tags/URLParameter" class="mention hashtag" rel="nofollow noopener" target="_blank">#URLParameter</a> <a href="https://social.tchncs.de/tags/WebView" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebView</a> <a href="https://tarnkappe.info/artikel/hacking/samsung-sicherheitsluecke-im-galaxy-store-laesst-malware-herein-258618.html" rel="nofollow noopener" target="_blank">https://tarnkappe.info/artikel/hacking/samsung-sicherheitsluecke-im-galaxy-store-laesst-malware-herein-258618.html</a>

Solinvictus :vm:Some Cross Origin Resource Sharing (<a href="https://mastodontech.de/tags/CORS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CORS</a>) guide <a href="https://mastodontech.de/tags/eli5" class="mention hashtag" rel="nofollow noopener" target="_blank">#eli5</a> , it's pretty cool explained<a href="https://ieftimov.com/post/deep-dive-cors-history-how-it-works-best-practices/" rel="nofollow noopener" target="_blank">https://ieftimov.com/post/deep-dive-cors-history-how-it-works-best-practices/</a><a href="https://mastodontech.de/tags/guide" class="mention hashtag" rel="nofollow noopener" target="_blank">#guide</a> <a href="https://mastodontech.de/tags/tipsandtricks" class="mention hashtag" rel="nofollow noopener" target="_blank">#tipsandtricks</a> <a href="https://mastodontech.de/tags/TIL" class="mention hashtag" rel="nofollow noopener" target="_blank">#TIL</a>

TykaynQuand tu suis la doc officielle de <a href="https://mastodon.cipherbliss.com/tags/nginx" class="mention hashtag" rel="nofollow noopener" target="_blank">#nginx</a> pour autoriser des requêtes <a href="https://mastodon.cipherbliss.com/tags/cors" class="mention hashtag" rel="nofollow noopener" target="_blank">#cors</a>, que tu relances le serveur mais que ca te dit toujours que ton API n'autorise pas le <a href="https://mastodon.cipherbliss.com/tags/cors" class="mention hashtag" rel="nofollow noopener" target="_blank">#cors</a>.

Recent searches

Search options

Administered by:

Server stats:

#cors