From 8b7a821603925a2baf6aac0d0520836c8eb8f6fa Mon Sep 17 00:00:00 2001 From: liamcottle Date: Sat, 16 Nov 2024 23:01:28 +1300 Subject: [PATCH] add caddy proxy config example for cors bypass --- README.md | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/README.md b/README.md index a40e4e1..66dc09d 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,50 @@ npm run dev - Implement database persistence so messages history is saved across page reloads +## CORS Proxy for HTTP Connections + + +- The `/api/v1/fromradio` endpoint in `meshtasticd` works as expected. +- The `/api/v1/toradio` endpoint in `meshtasticd` does not return an `OPTIONS` response. + +What does this mean? It means that it is possible to fetch packets from a `meshtasticd` device over HTTP, however you cannot send packets to `meshtasticd` over HTTP as the browser will reject the request due to the CORS preflight request having failed. + +This could be fixed by adding the correct CORS response in `meshtasticd` code, or you can alternatively use an HTTP reverse proxy that injects the required CORS headers in all responses. + +Here is an example config I use in my Caddy reverse proxy. Do note that I have omitted my TLS configuration. + +``` +# Meshtastic - Liam's Pi Gateway +meshtasticd.example.com { + + # always respond with these cors headers + header Access-Control-Allow-Origin "*" + header Access-Control-Allow-Methods "*" + header Access-Control-Allow-Headers "*" + + # respond with http 200 for all options requests and bypass sending to meshtasticd + @options method OPTIONS + respond @options "" 200 + + # reverse proxy to meshtasticd + reverse_proxy https://10.1.0.123 { + + # strip existing cors headers from meshtasticd responses + header_down -Access-Control-Allow-Origin + header_down -Access-Control-Allow-Methods + header_down -Access-Control-Allow-Headers + + # allow self signed cert + transport http { + tls + tls_insecure_skip_verify + } + + } + +} +``` + ## License MIT