Skip to content

rhp4: allow cross-origin requests #253

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 5, 2025
Merged

rhp4: allow cross-origin requests #253

merged 2 commits into from
Jun 5, 2025

Conversation

n8maninger
Copy link
Member

No description provided.

@Copilot Copilot AI review requested due to automatic review settings June 5, 2025 21:23
@github-project-automation github-project-automation bot moved this to In Progress in Sia Jun 5, 2025
Copilot

This comment was marked as outdated.

Sign in to view

@n8maninger n8maninger requested a review from Copilot June 5, 2025 21:25
Copilot
Copilot AI reviewed Jun 5, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR enables cross-origin requests for RHP4 by modifying the WebTransport server configuration. The changes include updating the origin check to allow all origins in the QUIC listener and adding a changeset note for documentation.

  • Updated CheckOrigin configuration in rhp/v4/quic/quic.go to always allow requests.
  • Added a changeset file (.changeset/fixed_rhp4_webtransport_rejecting_cross_origin_connections.md) to document the change.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
rhp/v4/quic/quic.go Added CheckOrigin callback to allow all origins to connect.
.changeset/fixed_rhp4_webtransport_rejecting_cross_origin_connections.md Documented the cross-origin fix.
Comments suppressed due to low confidence (1)

rhp/v4/quic/quic.go:196

  • Allowing all origins bypasses standard security checks. Please ensure that comprehensive security measures are in place elsewhere in the application to protect against potential cross-origin attacks.
CheckOrigin: func(*http.Request) bool {

@n8maninger n8maninger merged commit 69abeff into master Jun 5, 2025
11 checks passed
@n8maninger n8maninger deleted the nate/webtransport branch June 5, 2025 21:30
@github-project-automation github-project-automation bot moved this from In Progress to Done in Sia Jun 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

Assignees
No one assigned
Labels
None yet
Projects
Sia
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@n8maninger