Skip to content

Add config to handle cors #658

New issue
New issue
Open
Open
Add config to handle cors#658
Labels
packageNew package
@amarjeetanandsingh

Description

@amarjeetanandsingh
amarjeetanandsingh
opened on May 3, 2024

Hi
I agree with the point mentioned in this comment that we should not allow the POST /package API from the browser by default as it modifies the system.

However, I am not very convinced with the approach we are taking to disable this feature from a browser.

Impact of no cors-

  • Difficult POC: We'll need NGINX or similar proxy servers to manipulate headers. This initially demands resources/time/effort which drops the motivation of the adoption of Piston.

Proposed Solution:

  • We can control the cors from the piston config, disabled by default(current behavior). However, we can discuss enabling it in docker-compose.dev.yml
  • In case we really want to be careful with the POST /packages API-
    • We can enable this feature(POST /packages endpoint) based on a config.
    • Or we decouple the system-impacting feature from user-facing endpoint list. we can provide a small script kind of tool to install a package manually inside /piston/packages dir.

In case we can conclude on this, I'll be happy to contribute to the implementation :-)

Metadata

Metadata

Assignees

No one assigned

    Labels

    packageNew package

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions