add caddy proxy config example for cors bypass

liamcottle · Nov 16, 2024 · 8b7a821 · 8b7a821
1 parent 4a45140
commit 8b7a821
Showing 1 changed file with 44 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -23,6 +23,50 @@ npm run dev
 
 - Implement database persistence so messages history is saved across page reloads
 
+## CORS Proxy for HTTP Connections
+
+
+- The `/api/v1/fromradio` endpoint in `meshtasticd` works as expected.
+- The `/api/v1/toradio` endpoint in `meshtasticd` does not return an `OPTIONS` response.
+
+What does this mean? It means that it is possible to fetch packets from a `meshtasticd` device over HTTP, however you cannot send packets to `meshtasticd` over HTTP as the browser will reject the request due to the CORS preflight request having failed.
+
+This could be fixed by adding the correct CORS response in `meshtasticd` code, or you can alternatively use an HTTP reverse proxy that injects the required CORS headers in all responses.
+
+Here is an example config I use in my Caddy reverse proxy. Do note that I have omitted my TLS configuration.
+
+```
+# Meshtastic - Liam's Pi Gateway
+meshtasticd.example.com {
+
+	# always respond with these cors headers
+	header Access-Control-Allow-Origin "*"
+	header Access-Control-Allow-Methods "*"
+	header Access-Control-Allow-Headers "*"
+
+	# respond with http 200 for all options requests and bypass sending to meshtasticd
+	@options method OPTIONS
+	respond @options "" 200
+
+	# reverse proxy to meshtasticd
+	reverse_proxy https://10.1.0.123 {
+
+		# strip existing cors headers from meshtasticd responses
+		header_down -Access-Control-Allow-Origin
+		header_down -Access-Control-Allow-Methods
+		header_down -Access-Control-Allow-Headers
+
+		# allow self signed cert
+		transport http {
+			tls
+			tls_insecure_skip_verify
+		}
+
+	}
+
+}
+```
+
 ## License
 
 MIT